]> git.koha-community.org Git - koha.git/log
koha.git
7 years agoBug 18422 - Add Select2 to authority editor
Oleg Vasylenko [Wed, 12 Apr 2017 07:45:48 +0000 (10:45 +0300)]
Bug 18422 - Add Select2 to authority editor

Overview:
Repeat tag fails if authority field has select subfield (for example, UNIMARC 700$8, 800$a)
This patch adds Select2 to authority editor

Steps to Reproduce:
In authority editor repeat field that has select subfield

Actual Results:
Field does not repeat (copy is not created).
Console shows a js TypeError in cataloging.js: «$(...).select2 is not a function»

Expected Results:
Field will repeat (copy is created)

Additional Information:
Error happens in version 16.11+ after adding Select2 js functions. The easiest way to fix is to add Select2 to authority editor

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19307: Mock the AllowFineOverride preference to ensure expected result
Nick Clemens [Wed, 13 Sep 2017 12:06:50 +0000 (12:06 +0000)]
Bug 19307: Mock the AllowFineOverride preference to ensure expected result

To test:
 1 - Set 'AllowFineOverride' to allow
 2 - prove t/db_dependent/Circulation/NoIssuesChargeGuarantees.t
 3 - 1 test fails
 4 - Apply patch
 5 - prove t/db_dependent/Circulation/NoIssuesChargeGuarantees.t
 6 - All tests pass
 7 - Set 'AllowFineOverride' to 'Don't allow'
 8 - Tests should still pass

Signed-off-by: David Bourgault <david.bourgault@inlibro.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19344: DBRev 17.05.00.009
Jonathan Druart [Fri, 29 Sep 2017 19:47:04 +0000 (16:47 -0300)]
Bug 19344: DBRev 17.05.00.009

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19344: Reorder lang and login_attempts in the [deleted]borrowers tables
Jonathan Druart [Tue, 19 Sep 2017 16:32:31 +0000 (13:32 -0300)]
Bug 19344: Reorder lang and login_attempts in the [deleted]borrowers tables

Due to a bad rebase, the borrowers and deletedborrowers table structure
may different from a new install and upgraded install
For new installs, the order was: lang, login_attempts
For upgraded installs, it was lang, last_seen, login_attempts

After this patch, the order must be:
- last_seen
- lang
- login_attempts

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19317: (bug 18966 follow-up) Remove leftover
Jonathan Druart [Thu, 14 Sep 2017 13:57:40 +0000 (10:57 -0300)]
Bug 19317: (bug 18966 follow-up) Remove leftover

Nothing important here, but this line should have been removed by bug
18966:

2177         # Update the fines
2178         $dbh->do(q|UPDATE accountlines SET issue_id = ? WHERE
issue_id = ?|, undef, $old_checkout->issue_id, $issue->issue_id);

The issue_id is now the same when moved from issues to old_issues. We do
not need to update the accountlines table.

No test plan here, you need to understand previous changes to validate
this patch.

Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19276: (bug 17829 follow-up) Fix Statistic patrons behaviour
Jonathan Druart [Fri, 8 Sep 2017 15:47:03 +0000 (12:47 -0300)]
Bug 19276: (bug 17829 follow-up) Fix Statistic patrons behaviour

Bug 17829 must have been handle this specific case: GetMember set
category_type, but now $borrower is a Koha::Patron unblessed and does
not contain the category_type.
The fix is to call ->category->category_type on the Koha::Patron object
to be able to know if they are a statistic patrons.

Test plan:
Run the tests

Tests pass, as does QA test tool
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18999: (QA followup) ModReceiveOrder expects a hashref
Tomas Cohen Arazi [Fri, 29 Sep 2017 14:29:24 +0000 (11:29 -0300)]
Bug 18999: (QA followup) ModReceiveOrder expects a hashref

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18999: Modified SQL query in GetBudgetSpent() in C4/Budgets.pm
Alex Buckley [Sat, 22 Jul 2017 19:19:44 +0000 (19:19 +0000)]
Bug 18999: Modified SQL query in GetBudgetSpent() in C4/Budgets.pm

Removed the SQL select condition 'AND closedate IS NOT NULL' because
this was not returning shippingcost values and it does not exist in the
SQL query to return the shipping cost in spent.pl

Also removed the retrieval of shipping cost and the associated addition
of item(s) cost and shipping cost in GetBudgetOrdered() in C4/Budgets.pm
to prevent the shipping costs being subtracted off the fund total twice

Test plan:
1. Go to Acquisition and create a currency, budget (make this value of
100), fund ( make this the value of 50), vendor (if
neccessary)

2. Create a basket and click 'Add to basket'

3. Add 2 items with the vendor price of 10

4. Click 'Receive shipment' and write in the shipment cost of 6

5. Click 'Finish receiving' and go back to Acquisitions

6. Notice the spent column value is 0.00 but if you click on the value then
the spent.pl page is displayed and shows that the shipment cost was 6.00

7. On the acquisition page also notice that the ordered column value is 26.00

8. Click on the name of the fund and notice the spent column value is
0.00 in the fund page table

9. Apply patch

10. Refresh acquisition page and notice that 6.00 is the value in the
Spent column and 20.00 is the value in the ordered column. Both of which
match the subtotal of the full-list tables displayed when you click on these
values

11. Also notice the spent value in the fund page table is 6.00

12 Observe the changes to GetBudgetSpent() and GetBudgetOrdered() C4/Budgets.pm and check they make sense

Sponsored-by: Catalyst IT
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18999: (QA followup) Minor fixes for tests
Alex Buckley [Sat, 16 Sep 2017 07:52:25 +0000 (07:52 +0000)]
Bug 18999: (QA followup) Minor fixes for tests

Removed unneccessary declaration of $budget and changed
Koha::Acquisition::Order->new->insert into
Koha::Acquisition::Order->new->store as requested in tester feedback

Test plan:
1. Go into your koha-shell

2. set the PERL5LIB variable

3. Run t/db_dependent/Budgets.t

All tests should pass

Sponsored-by: Catalyst IT
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18999: Add regression tests
Alex Buckley [Fri, 18 Aug 2017 15:16:55 +0000 (15:16 +0000)]
Bug 18999: Add regression tests

Added regression test for GetBudgetSpent() and GetBudgetOrdered() into
the t/db_dependent/Budgets.t

Test plan:
1. Go into your koha-shell

2. set the PERL5LIB variable

3. Run t/db_dependent/Budgets.t

All tests should pass

Sponsored-by: Catalyst IT
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 16463: Replace discharge link with error message if user has checked out items
Aleisha Amohia [Wed, 30 Aug 2017 23:26:38 +0000 (23:26 +0000)]
Bug 16463: Replace discharge link with error message if user has checked out items

To test:
1) Ensure the useDischarge syspref is enabled
2) Check out an item to a borrower
3) Log in to the OPAC as this borrower
4) Click the 'ask for a discharge' link in the nav
5) Click the 'Ask for a discharge' link
6) Notice you cannot be discharged because you have checkouts
7) Apply the patch, click the 'ask for a discharge' link in the nav
8) Notice the link has been replaced with an appropriate error message
9) Attempt to force the discharge URL:
/cgi-bin/koha/opac-discharge?op=request
10) Notice the message and you cannot be discharged.
11) Confirm that when you check in your item, the discharge link shows
again and works as expected.

Sponsored-by: Catalyst IT
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18318: Unicode support for Elasticsearch
Nick Clemens [Sat, 8 Apr 2017 03:09:05 +0000 (23:09 -0400)]
Bug 18318: Unicode support for Elasticsearch

You must install the icu plugin for elasticsearch
https://www.elastic.co/guide/en/elasticsearch/plugins/current/analysis-icu.html

Once installed, apply this patch
Reindex your data, deleting the existing indexes
perl /home/vagrant/kohaclone/misc/search_tools/rebuild_elastic_search.pl
-d
Find (or add) some titles with accented characters
Verify that a search for the exact character or the unaccented version
works

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19120: Leave cancelled ordered items alone when reopening basket
Mark Tompsett [Sat, 2 Sep 2017 01:23:20 +0000 (21:23 -0400)]
Bug 19120: Leave cancelled ordered items alone when reopening basket

TEST PLAN
---------
1) Apply first patch
2) prove t/db_dependent/Acquisition/close_reopen_basket.t
   -- FAILS
3) Apply this patch
4) prove t/db_dependent/Acquisition/close_reopen_basket.t
   -- SUCCESS!
5) run koha qa test tools

Followed test plan, patch worked as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19120: Add tests to reproduce the problem
Mark Tompsett [Sat, 2 Sep 2017 01:21:40 +0000 (21:21 -0400)]
Bug 19120: Add tests to reproduce the problem

TEST PLAN
---------
1) apply this patch
2) prove t/db_dependent/Acquisition/close_reopen_basket.t
   -- FAILS!
   -- This proves the test works.
3) run koha qa test tools

Followed test plan, patch worked as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19329: Update IntranetSlipPrinterJS system preference description.
Josef Moravec [Tue, 19 Sep 2017 07:13:53 +0000 (07:13 +0000)]
Bug 19329: Update IntranetSlipPrinterJS system preference description.

Test plan:
0) Apply the patch
1) Go to administration -> system preferences -> staff client
2) Read the description by IntranetSlipPrinterJS and confirm it's right

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19372: (bug 15801 follow-up) pass selected frameworkcode to the template
Jonathan Druart [Wed, 27 Sep 2017 15:54:18 +0000 (12:54 -0300)]
Bug 19372: (bug 15801 follow-up) pass selected frameworkcode to the template

Bug 15801 removes the 2 lines that were necessary to retrieve the
framework selected by the user and pass it to the template.
All bibliographic records created when adding an order to the basket
using an external source used the default framework.

Test plan:
Add an order to a basket from an external source
Select another framework than the default one
=> Without this patch, whatever the framework you picked, the default
one is used
=> With this patch applied the framework code you will pick will be used

Signed-off-by: Marijana Glavica <mglavica@ffzg.hr>
Signed-off-by: Marijana Glavica <mglavica@ffzg.hr>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19366: Do not block patron's detail update if EmailMustBeUnique
Jonathan Druart [Wed, 27 Sep 2017 16:44:00 +0000 (13:44 -0300)]
Bug 19366: Do not block patron's detail update if EmailMustBeUnique

If the pref PatronSelfRegistrationEmailMustBeUnique is set ("consider"),
a patron is not allowed to register with an existing email address.
The existing code is wrong and reject a patron that is updating their
personal details with "This email address already exists in our
database.", even if the patron did not modify their email address.

This is caused by the query we made, we must search for patron with this
email address but who is not the current patron.

Test plan:
- Set PatronSelfRegistrationEmailMustBeUnique to "consider"
- Register a new patron with an existing email address
=> you should not be allowed
- Use a non-existent email address
=> You should be allowed
- Edit your patron details
- Modify some infos
=> Should pass
- Modify your email address with an existing one
=> You should not be allowed to do that

Followed test plan, patches worked as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19357: (bug 18260 follow-up) Remove non-relevant attributes
Jonathan Druart [Thu, 21 Sep 2017 14:09:57 +0000 (11:09 -0300)]
Bug 19357: (bug 18260 follow-up) Remove non-relevant attributes

When created, batch_record_modification.tt has been based on
batch_delete_records.tt
These attributes are not used in the template and not set in the pl
script.
Since bug 18260, biblio is a Koha::Biblio and calling a non-existent
method will raise an error.

This patch get rid of the following error:
batch_record_modification.pl: Template process failed: undef error - The
method itemnumbers is not covered by tests!

Test plan:
Modify bibliographic records with the "Batch record modification" tool.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 15173: Restore SubfieldsToAllowForRestrictedEditing
Jonathan Druart [Tue, 16 Aug 2016 14:12:07 +0000 (15:12 +0100)]
Bug 15173: Restore SubfieldsToAllowForRestrictedEditing

Bug 7673 introduced SubfieldsToAllowForRestrictedEditing but bug 12176
broke it assuming that only selects were impacted by this feature.

Test plan:
Go back on bug 7673 and confirm that
SubfieldsToAllowForRestrictedEditing is working as expected with this
patch applied.

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
For clarification, the item fields that are entered in
SubfieldsToAllowForRestrictedEditing should EXCLUDE the desired
fields you want to disable.

Test plan (updated to test the scenario in the bug Description):
1. Create a patron with only the following permissions:
    - catalogue (Required for staff login)
    - editcatalogue -> edit_catalogue
    - editcatalogue -> edit_items
    - editcatalogue -> edit_items_restricted
2. Navigate to Administration -> Global system preferences -> Cataloging
    -> Record Structure -> SubfieldsToAllowForRestrictedEditing
3. In the input field for SubfieldsToAllowForRestrictedEditing enter in
    all the 952 fields EXCEPT the ones desired to be disabled. In this
    case, we want to disallow editing of 952$2, 952$a, 952$b, 952$e, 952$h,
    and 952$o so we enter the following into the
    SubfieldsToAllowForRestrictedEditing (without quotes) "952$0 952$1
    952$3 952$4 952$5 952$7 952$8 952$c 952$d 952$f 952$g 952$i 952$j
    952$p 952$t 952$u 952$v 952$w 952$x 952$y 952$z"
4. Click Save all Cataloging preferences
5. Login to the staff client as the created restricted editing patron
6. Edit an item
7. Note that all fields except for the ones excluded from the syspref
    are editable

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19323: subscription edit permission issue
Fridolin Somers [Fri, 15 Sep 2017 09:12:01 +0000 (11:12 +0200)]
Bug 19323: subscription edit permission issue

If a librarian has edit_subscription but not create_subscription :
When trying to edit a subscription, after saving permission is denied.

This is because permissions in serials/subscription-add.pl depends on arg 'op' and on edit this arg starts with 'modify' but changes to 'modsubscription' when saving.

Test plan :
- Create a user with staff access
- Define its permissions on serials : only edit_subscription
- Edit a subscription
- Click 'Next'
- Click 'Test prediction pattern'
- Click 'Save subscription'
=> Without patch you get to page serials/subscription-add.pl with permission denied
=> With patch subscription is saved and you get to subscription details page

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19334: Circulation history doesn't set biblionumber so left navigation is broken
Dobrica Pavlinusic [Mon, 18 Sep 2017 17:17:35 +0000 (19:17 +0200)]
Bug 19334: Circulation history doesn't set biblionumber so left navigation is broken

Navigation on the left (Normal, MARC, etc...) needs biblionumber in
template variables to work.

Test:
1. go to checkout history for any biblio
2. verify that normal, MARC, etc links on the left no longer work
   due to missing biblionumber in URL
3. apply patch and test it again

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19116: Hold not set to waiting after transfer
Josef Moravec [Tue, 22 Aug 2017 08:58:11 +0000 (08:58 +0000)]
Bug 19116: Hold not set to waiting after transfer

Test plan:

0) Do not apply the patch
1) Place hold on item from another branch
2) Switch to that branch
3) Check them in at the other branch to set them into transport status (T)
4) Switch back to your homebranch
5) Check items in again, use the different confirm buttons and
    compare: Only "confirm and print" will be set to waiting, "confirm"
    remains in transport.
6) Apply the patch
7) Repeat 1-5 - now should work as expected - the hold is marked waiting
on "confirm" button too
8) Check the hold from the same branch, to make sure this doesn't add
regression

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19116: (followup) Add tests to highlight the problem in CheckReserves
Josef Moravec [Fri, 22 Sep 2017 08:40:56 +0000 (08:40 +0000)]
Bug 19116: (followup) Add tests to highlight the problem in CheckReserves

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19116: Unit tests
Jonathan Druart [Mon, 4 Sep 2017 17:14:31 +0000 (14:14 -0300)]
Bug 19116: Unit tests

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19127: (follow-up) Fix Stored XSS in csv-profiles.pl
Jonathan Druart [Tue, 12 Sep 2017 14:21:27 +0000 (11:21 -0300)]
Bug 19127: (follow-up) Fix Stored XSS in csv-profiles.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19127: Fix Stored XSS in csv-profiles.pl
Amit Gupta [Wed, 16 Aug 2017 12:26:17 +0000 (17:56 +0530)]
Bug 19127: Fix Stored XSS in csv-profiles.pl

To Test
1. Hit the page /cgi-bin/koha/tools/csv-profiles.pl?op=add_form
2. Add a text in the field Profile name, Profile description
   and Profile MARC fields that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: (follow-up) Fix Stored XSS in biblio_framework.pl
Jonathan Druart [Tue, 12 Sep 2017 14:06:11 +0000 (11:06 -0300)]
Bug 19108: (follow-up) Fix Stored XSS in biblio_framework.pl

Prevent software error
Template process failed: undef error - text: filter not found at
/home/vagrant/kohaclone/C4/Templates.pm line 121.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: (follow-up) Fix Stored XSS in fieldmapping.pl and items_search_fields.pl
Katrin Fischer [Wed, 16 Aug 2017 11:52:07 +0000 (13:52 +0200)]
Bug 19108: (follow-up) Fix Stored XSS in fieldmapping.pl and items_search_fields.pl

To test:
- Add a framework with script in the description
- Access the Keywords to MARC mapping page
- Add an item search field where both name and label are script
- Try to edit/delete the added mapping

With the patch no script should be executed and everything
should still work ok.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in biblio_framework.pl and marctagstructure.pl
Amit Gupta [Tue, 15 Aug 2017 09:07:50 +0000 (14:37 +0530)]
Bug 19108: Fix Stored XSS in biblio_framework.pl and marctagstructure.pl

To Test
1. Hit the page /cgi-bin/koha/admin/biblio_framework.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Click on Actions -> MARC structure
6. Apply patch and reload, the js is escaped

Fixed for both the pages biblio_framework.pl and marctagstructure.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in fieldmapping.pl
Amit Gupta [Tue, 15 Aug 2017 08:40:43 +0000 (14:10 +0530)]
Bug 19108: Fix Stored XSS in fieldmapping.pl

To Test
1. Hit the page /cgi-bin/koha/admin/fieldmapping.pl
2. Add a text in the field Field name that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in authtypes.pl
Amit Gupta [Tue, 15 Aug 2017 08:36:47 +0000 (14:06 +0530)]
Bug 19108: Fix Stored XSS in authtypes.pl

To Test
1. Hit the page /cgi-bin/koha/admin/authtypes.pl?op=add_form
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in classsources.pl
Amit Gupta [Tue, 15 Aug 2017 08:25:45 +0000 (13:55 +0530)]
Bug 19108: Fix Stored XSS in classsources.pl

Fixed for both Classification sources & Classification filing rules

To Test
1. first case classification source: Hit the page
   /cgi-bin/koha/admin/classsources.pl?op=add_source
   second case classification filing rules:
   Hit the page /cgi-bin/koha/admin/classsources.pl?op=add_sort_rule
2. Add a text in the field Description that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in items_search_fields.pl
Amit Gupta [Tue, 15 Aug 2017 08:19:10 +0000 (13:49 +0530)]
Bug 19108: Fix Stored XSS in items_search_fields.pl

To Test
1. Hit the page /cgi-bin/koha/admin/items_search_fields.pl
2. Add a text in the field Name and Label that contains js
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for new and edit page

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19108: Fix Stored XSS in oai_sets.pl
Amit Gupta [Tue, 15 Aug 2017 08:03:57 +0000 (13:33 +0530)]
Bug 19108: Fix Stored XSS in oai_sets.pl

To Test
1. Hit the page /cgi-bin/koha/admin/oai_sets.pl
2. Click on New set
3. Add a text in the field setSpec, setName that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19103: (follow-up) Fix Stored XSS in itemtypes.pl
Jonathan Druart [Tue, 12 Sep 2017 13:58:24 +0000 (10:58 -0300)]
Bug 19103: (follow-up) Fix Stored XSS in itemtypes.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19103: Fix Stored XSS in matching-rules.pl
Amit Gupta [Tue, 15 Aug 2017 04:45:54 +0000 (10:15 +0530)]
Bug 19103: Fix Stored XSS in matching-rules.pl

To Test
1. Hit the page /cgi-bin/koha/admin/matching-rules.pl
2. Click on new record matching rule
3. Add a text in the field Description that contain js.
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19103: Fix Stored XSS in patron-attr-types.pl
Amit Gupta [Tue, 15 Aug 2017 04:37:45 +0000 (10:07 +0530)]
Bug 19103: Fix Stored XSS in patron-attr-types.pl

To Test
1. Hit the page /cgi-bin/koha/admin/patron-attr-types.pl
2. Click on new patron attribute type
2. Add a text in the field Description that contain js.
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19103: Fix Stored XSS in itemtypes.pl
Amit Gupta [Tue, 15 Aug 2017 03:22:40 +0000 (08:52 +0530)]
Bug 19103: Fix Stored XSS in itemtypes.pl

To Test
1. Hit the page /cgi-bin/koha/admin/itemtypes.pl
2. Add a text in the field Description, Checkin message that contains js
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19128: Fix Stored XSS in admin/authorised_values.pl
Jonathan Druart [Tue, 12 Sep 2017 13:35:10 +0000 (10:35 -0300)]
Bug 19128: Fix Stored XSS in admin/authorised_values.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl
Katrin Fischer [Wed, 16 Aug 2017 12:34:17 +0000 (14:34 +0200)]
Bug 19128: Fix Stored XSS in patron-attr-types.pl, authorised_values.pl and categories.pl

Preparation:
- Add a branch with script in the branch name
- Add a patron category with script in the category name
- Add a new authorised value cateogory with script
- Add a new authroised value for this category with script
  in all possible fields

- Test editing patron categories
- Test editing patron attribute types
- Test viewing and editing authorised values

Verify that with this script there is no more script executed
and everything works fine.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19125: Fix Stored XSS in members.pl
Katrin Fischer [Wed, 16 Aug 2017 10:05:50 +0000 (12:05 +0200)]
Bug 19125: Fix Stored XSS in members.pl

In preparation to test this patch:
- Add a patron list named <script>alert("patron list")</script>
- Add a library named <script>alert("library")</script>
- Add a patron category named <script>alert("patron category")</script>

To test:
- Access patron search page and do a search
- Verify that the alerts added above are executed
- Apply patch
- Verify that no alerts are displayed

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in subscription-detail.pl
Katrin Fischer [Wed, 16 Aug 2017 11:07:18 +0000 (13:07 +0200)]
Bug 19086: Fix Stored XSS in subscription-detail.pl

Add script to the callnumber field on adding a subscription.

Verify script is executed without this patch, but not with it.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: (follow-up) Fix Stored XSS in supplier.pl
Katrin Fischer [Wed, 16 Aug 2017 10:59:13 +0000 (12:59 +0200)]
Bug 19086: (follow-up) Fix Stored XSS in supplier.pl

In preparation:
Make sure you enter <script>alert("sth")</script>
in all fields of a new vendor that are not validated
and save.

1) Access vendor summary page.
2) Verify scripts are executed
3) Apply patch
4) Verify scripts are on longer executed

This works in combination with the other patches for XSS
on this bug.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in subscription-add.pl
Amit Gupta [Mon, 14 Aug 2017 21:14:11 +0000 (02:44 +0530)]
Bug 19086: Fix Stored XSS in subscription-add.pl

To Test
1. Hit the page /cgi-bin/koha/serials/subscription-add.pl
2. Add a text in the field Public note and Nonpublic note
   that contains js (Internalnotes, notes)
2. Save the page.
3. Notice js is execute
4. Apply patch and reload, the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in supplier.pl
Amit Gupta [Mon, 14 Aug 2017 21:03:59 +0000 (02:33 +0530)]
Bug 19086: Fix Stored XSS in supplier.pl

1. Hit the page /cgi-bin/koha/acqui/supplier.pl?op=enter
2. Add a text in the field company_postal, physical, company_fax,
   accountnumber, contactposition, contact_fax, contact_notes, notes that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in circulation.pl
Chris Cormack [Fri, 11 Aug 2017 19:54:34 +0000 (19:54 +0000)]
Bug 19086: Fix Stored XSS in circulation.pl

1/ To test add a message to a borrower that contains js
2/ hit /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number]
  where number is the borrowernumber of the borrower you set the message
  for
3/ Notice js is execute
4/ Apply patch, reload, js is escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19086: Fix Stored XSS in members/member.pl
Chris Cormack [Fri, 11 Aug 2017 19:36:43 +0000 (19:36 +0000)]
Bug 19086: Fix Stored XSS in members/member.pl

To test
1/ hit /cgi-bin/koha/members/member.pl?&searchmember=<script>alert('XSS Payload')</script>
2/ Notice js is executed
3/ Apply patch, reload
4/ js is now escaped

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19385: Fix random t/Calendar.t failure - clear the cache before
Jonathan Druart [Thu, 28 Sep 2017 17:49:11 +0000 (14:49 -0300)]
Bug 19385: Fix random t/Calendar.t failure - clear the cache before

The cache 'exception_holidays' may be populated when we run these tests,
we need to clear it before the tests are run.

Test plan:
  prove t/db_dependent/Circulation/CalcDateDue.t  t/Calendar.t

Without this patch, t/Calendar will fail with:
  #   Failed test 'Exception holiday is not a closed day test'
  #   at t/Calendar.t line 159.
  #          got: '1'
  #     expected: '0'
  # Looks like you failed 1 test of 38.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18282: operationId must be unique
Lari Taskula [Thu, 16 Mar 2017 11:53:44 +0000 (13:53 +0200)]
Bug 18282: operationId must be unique

operationId has the following documentation:
 "Unique string used to identify the operation. The id MUST be unique among all
  operations described in the API."

This patch modifies operationIds to be unique accross our API operations.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18290: Fix t/db_dependent/Koha/Object.t, Mojo::JSON::Bool is a JSON::PP::Boolean :)
Olli-Antti Kivilahti [Fri, 17 Mar 2017 06:09:05 +0000 (08:09 +0200)]
Bug 18290: Fix t/db_dependent/Koha/Object.t, Mojo::JSON::Bool is a JSON::PP::Boolean :)

Mojolicious 7.21 onwards, no longer returns Mojo::JSON::Bool-objects but JSON::PP instead.
Which might be pretty smart.

This version is required by bug 18137 and so this patch for the tests is
needed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Tested along with 18137 and its dependencies (libs).

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (QA followup) Make sure the session exists and is expired on expiration...
Tomas Cohen Arazi [Wed, 9 Aug 2017 14:11:13 +0000 (11:11 -0300)]
Bug 18137: (QA followup) Make sure the session exists and is expired on expiration tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Lari Taskula <lari.taskula@jns.fi>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: List Mojolicious::Plugin::OpenAPI and JSON::Validator as dependencies
Lari Taskula [Fri, 17 Feb 2017 11:14:09 +0000 (13:14 +0200)]
Bug 18137: List Mojolicious::Plugin::OpenAPI and JSON::Validator as dependencies

Edit (tcohen): I've changed the version numbers to match those Mirko has already
successfully packaged and are known to work for this patchset.

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (follow-up) Sort definitions.json
Lari Taskula [Thu, 16 Mar 2017 12:24:52 +0000 (14:24 +0200)]
Bug 18137: (follow-up) Sort definitions.json

Before this file grows, we should sort it alphabetically.

To test:
1. prove t/db_dependent/api/v1

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (QA-follow-up) Fix pod fail
Lari Taskula [Tue, 7 Mar 2017 11:31:04 +0000 (13:31 +0200)]
Bug 18137: (QA-follow-up) Fix pod fail

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: (follow-up) Fix handling DBIx::Class::Exception messages
Lari Taskula [Tue, 7 Mar 2017 11:37:09 +0000 (13:37 +0200)]
Bug 18137: (follow-up) Fix handling DBIx::Class::Exception messages

- DBIx::Class::Exception should use ->{msg}

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Remove x-mojo-around-action
Lari Taskula [Tue, 21 Feb 2017 17:55:28 +0000 (19:55 +0200)]
Bug 18137: Remove x-mojo-around-action

Mojolicious::Plugin::OpenAPI does not support x-mojo-around action. This patch
removes it from our specification document.

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Make /holds Mojolicious::Plugin::OpenAPI compatible
Lari Taskula [Mon, 20 Feb 2017 18:07:26 +0000 (20:07 +0200)]
Bug 18137: Make /holds Mojolicious::Plugin::OpenAPI compatible

Also
- adding some missing and new response definitions into Swagger spec.
- fixing failing tests due to Bug 17932's change of boolean values

To test:
1. prove t/db_dependent/api/v1/holds.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Make /cities Mojolicious::Plugin::OpenAPI compatible
Lari Taskula [Mon, 20 Feb 2017 17:58:28 +0000 (19:58 +0200)]
Bug 18137: Make /cities Mojolicious::Plugin::OpenAPI compatible

Also:
- adding some missing and new response definitions into Swagger spec.

To test:
1. prove t/db_dependent/api/v1/cities.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Make /patrons Mojolicious::Plugin::OpenAPI compatible
Lari Taskula [Fri, 17 Feb 2017 12:59:24 +0000 (14:59 +0200)]
Bug 18137: Make /patrons Mojolicious::Plugin::OpenAPI compatible

Also:
- adding some missing and new response definitions into Swagger spec.
- fixing failing test due to Bug 17932's change of boolean values

To test:
1. prove t/db_dependent/api/v1/patrons.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Migrate from Swagger2 to Mojolicious::Plugin::OpenAPI
Lari Taskula [Fri, 17 Feb 2017 12:36:36 +0000 (14:36 +0200)]
Bug 18137: Migrate from Swagger2 to Mojolicious::Plugin::OpenAPI

This patch migrates from Swagger2 to Mojolicious::Plugin::OpenAPI as Swagger2 is
no longer actively maintained.

This migration involves some minor changes to our Swagger specification documents
and to controllers. Each operation is migrated in following patches separately.
Please see Mojolicious::Plugin::OpenAPI and its tutorial for more documentation.

The patch also refactors some API authentication -related code by taking advantage
of Koha::Exceptions. Authentication is now handled via Mojolicious's "under->to"
functionality. The actual authentication & authorization checks are moved to
Koha::REST::V1::Auth. Added a HTTP 503 response for when database update is
required, instead of returning an authentication failure as before.

To test:
1. prove t/db_dependent/api/v1/auth.t

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18137: Add useful Koha::Exceptions
Lari Taskula [Fri, 17 Feb 2017 12:34:42 +0000 (14:34 +0200)]
Bug 18137: Add useful Koha::Exceptions

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19119: Remove definitions.t
Tomas Cohen Arazi [Wed, 20 Sep 2017 15:45:24 +0000 (12:45 -0300)]
Bug 19119: Remove definitions.t

This patch removes t/db_dependent/api/v1/swagger/definitions.t

Its goal is not simple to achieve, and worth moving into the QA tools instead.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 6758)
Tomas Cohen Arazi [Wed, 20 Sep 2017 12:15:42 +0000 (09:15 -0300)]
Bug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 6758)

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 18137)
Lari Taskula [Fri, 28 Apr 2017 12:33:33 +0000 (12:33 +0000)]
Bug 18508: Fix t/db_dependent/api/v1/swagger/definitions.t (follow-up of 18137)

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19173: Add opac payment and marc conversion plugins to the pulldown filter list
Kyle M Hall [Fri, 25 Aug 2017 10:26:21 +0000 (06:26 -0400)]
Bug 19173: Add opac payment and marc conversion plugins to the pulldown filter list

Edit: fixed tab-for-space errors (tcohen).

Signed-off-by: Magnus Enger <magnus@libriotech.no>
New categories are added to the pulldown and work as expected.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19173: Make OPAC online payments pluggable
Kyle M Hall [Thu, 24 Aug 2017 10:55:49 +0000 (06:55 -0400)]
Bug 19173: Make OPAC online payments pluggable

While PayPal is fairly universal, there is a plethora of online
payment system that are far more localized, servicing a single
country ( e.g. Bug 18968 ) or even a single  city! Instead of
adding support for each and every one of these payment options
directly into Koha, it makes more sense to add the ability to
create online payment plugins.

Test Plan:
1) Apply this patch
2) Download and install the Kitchen Sink plugin version 2.1.1 or later
   https://github.com/bywatersolutions/koha-plugin-kitchen-sink/releases
3) In the plugin options, enable the opac payments option
4) Create a patron with one or more fines
5) Log into the opac as that patron, note you now have the option
   to pay online via KitchenSink ImaginaryPay
6) Make an online payment
7) Note the payment was processed correctly

Sponsored-by: Washoe County Library System
Signed-off-by: Kyle M Hall <kyle@gmail.com>
Signed-off-by: Magnus Enger <magnus@libriotech.no>
Awesome enhancement! I know we want to add at least one Norwegian
payment service at some point.
I followed the test plan and everything works as advertised. Turning
off the "opac payments option" makes the option dissappear cleanly
from the OPAC. I have *not* looked at the code or done any
considerations about security.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: DBRev 17.05.00.008
Jonathan Druart [Tue, 19 Sep 2017 16:03:50 +0000 (13:03 -0300)]
Bug 6758: DBRev 17.05.00.008

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: DBIC Schema changes
Jonathan Druart [Tue, 19 Sep 2017 16:20:41 +0000 (13:20 -0300)]
Bug 6758: DBIC Schema changes

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: Use 'is' instead of 'ok' in tests
Jonathan Druart [Tue, 19 Sep 2017 16:13:47 +0000 (13:13 -0300)]
Bug 6758: Use 'is' instead of 'ok' in tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: [QA Follow-up] Typo popular vs populate
Marcel de Rooy [Fri, 4 Aug 2017 07:03:43 +0000 (09:03 +0200)]
Bug 6758: [QA Follow-up] Typo popular vs populate

Typo popular resolved.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 6758: Add new patron column for date of renewal
Kyle M Hall [Tue, 25 Apr 2017 17:27:00 +0000 (13:27 -0400)]
Bug 6758: Add new patron column for date of renewal

Test Plan:
1) Apply this patch
2) Run updatedatabase
3) Create a new patron
4) Note the new column date_renewed is NULL
5) Renew the patron
6) Note the date in the column date_renewed is today's date

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19195: Do not explicitely force scalar context when unecessary
Jonathan Druart [Tue, 19 Sep 2017 14:57:10 +0000 (11:57 -0300)]
Bug 19195: Do not explicitely force scalar context when unecessary

These ones are already called in scalar context

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19195: Preventing noisy warns when creating or editing a basket
Aleisha Amohia [Tue, 29 Aug 2017 05:02:29 +0000 (05:02 +0000)]
Bug 19195: Preventing noisy warns when creating or editing a basket

To test:
1) Open the koha intranet error log
2) Go to Acquisitions -> Find or create a vendor
3) Create a new basket, filling all fields
4) Notice warns in error log
5) Edit this basket
6) Notice warns in error log
7) Apply patch
8) Create another basket, confirm warns do not show
9) Edit this basket, confirm warns do not show

Sponsored-by: Catalyst IT
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19332 - Basket grouping PDF and CSV exports empty
Dobrica Pavlinusic [Mon, 18 Sep 2017 15:37:21 +0000 (17:37 +0200)]
Bug 19332 - Basket grouping PDF and CSV exports empty

This bug was introduced in commit 2bf3ce268de6bc8b2386cfb5d768f60b05d75f44
Bug 17196: [QA Follow-up] Additional fix on acqui/basketgroup

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19180: [FOLLOW-UP] Renaming all instances of 'name' variable to 'booksellername'
Aleisha Amohia [Tue, 29 Aug 2017 21:21:00 +0000 (21:21 +0000)]
Bug 19180: [FOLLOW-UP] Renaming all instances of 'name' variable to 'booksellername'

... when referring to the name of the vendor.

To test:
1) Confirm vendor shows on webpage title (tab name)
2) Confirm vendor shows in breadcrumbs
3) Confirm vendor shows in heading when viewing basket ('Basket x (1) for
vendor')

Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19180: Add vendor name to breadcrumbs when closing an order
Aleisha Amohia [Sun, 27 Aug 2017 23:00:15 +0000 (23:00 +0000)]
Bug 19180: Add vendor name to breadcrumbs when closing an order

To test:
1) Go to Acquisitions
2) Find a vendor and a basket
3) Click 'Close basket' button
4) Notice that on confirmation page, breadcrumbs are missing vendor
5) Apply patch and refresh page
6) Vendor name should now show
7) Confirm link to vendor works as expected

Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 16204: Show friendly error message if trying to edit record which no longer exists
Aleisha Amohia [Wed, 30 Aug 2017 04:36:50 +0000 (04:36 +0000)]
Bug 16204: Show friendly error message if trying to edit record which no longer exists

To test:
1) Create a record
2) Click Edit -> Edit record. open this in another tab
3) Delete the record in the original tab
4) Refresh the edit form in the other tab. Notice the software error
5) Apply patch and refresh page
6) There should be a nice error message with the form fields and buttons
hidden. Confirm links work as expected.

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire.gravely@bsz-bw.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18541: (QA follow-up) Add some POD for draw_guide_grid
Marc Véron [Wed, 6 Sep 2017 15:46:27 +0000 (17:46 +0200)]
Bug 18541: (QA follow-up) Add some POD for draw_guide_grid

Add description to POD for draw_guide_grid

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended: Moved the description from draw_guide_box to .._grid.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18541: [QA Follow-up] Add POD to Patroncard.pm
Marcel de Rooy [Wed, 6 Sep 2017 14:14:26 +0000 (16:14 +0200)]
Bug 18541: [QA Follow-up] Add POD to Patroncard.pm

Just adding the POD framework to make qa tools happy. The authors
are encouraged to complete this information.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18541: (QA follow-up) Fix wrong variable name ($layout_xml vs $print_layout_xml)
Marc Véron [Wed, 6 Sep 2017 13:56:55 +0000 (15:56 +0200)]
Bug 18541: (QA follow-up) Fix wrong variable name ($layout_xml vs $print_layout_xml)

This patch changes variable names as mentioned in comments #11 and #13

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18541 - Patron card creator: Add a grid to support layout design
Marc Véron [Thu, 4 May 2017 15:36:24 +0000 (17:36 +0200)]
Bug 18541 - Patron card creator: Add a grid to support layout design

Add a layout grid to patron card creator to figure out the positions of text
fields, barcode and images.

To test:
- Apply on top of patch 18465
- Go to Home > Tools > Patron card creator
- Edit or create a layout
- Turn on new choice 'Guide grid' in section 'General settings'
- Leave 'Units' unchanged
- Crate a PDF using 'Card batches'
- Notice that card is printed with a layout grid that reflects selected unit
  with each 5th and 10th line in different color, unit description displayed
  bottom left, card dimensions displayed top right in small print inside the
  layout grid
- Print PDF. Set printer settings in Adobe Reader or other PDF printing
  software to 'Actual size' to prevent scaling to printer's printable
  region
- Mesure out printed PDF and verify that grid corresponds to selecte unit.
- Go back to layout definition and choose an other unit, repeat steps
  to verify that grid respects selected unit.
- Go back to layout definition, turn grid off, create PDF, verify that grid
  does not display in PDF

Note for testers / QAers: Position of card elements (text, image...) do not
respect the unit, this will be fixed in Bug 18550

Followed test plan and it worked as intended
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18739 - Add SVG version of staff-home-icons-sprite image
Owen Leonard [Tue, 6 Jun 2017 18:35:07 +0000 (18:35 +0000)]
Bug 18739 - Add SVG version of staff-home-icons-sprite image

Images display correctly. Followed test plan and patch works as described.

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 15644 - City dropdown default selection when modifying a patron matches only...
Owen Leonard [Thu, 8 Jun 2017 16:01:32 +0000 (16:01 +0000)]
Bug 15644 - City dropdown default selection when modifying a patron matches only on city

This patch modifies the include files which contain the form fields for
city, state, zipcode, etc. shown on the patron entry screen. The files
are modified so that the city/state/zip <select> preselects a value
based on city, state, and zipcode matching the values in the
corresponding text fields.

To test, confirm that the bug's steps to reproduce are fixed:

- Enter two cities via Administration -> Patrons and circulation
  -> Cities and towns:
    Springfield, MA 01101
    Springfield, VT 05156
- Edit a patron choosing, Springfield VT, and save.
- Edit the patron again and confirm that the correct city is
  pre-selected.
- Confirm this result with all three different settings of the
  "AddressFormat" system preference.

Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18149: Move CountUsage calls to Koha namespace
Marcel de Rooy [Thu, 29 Jun 2017 11:03:39 +0000 (13:03 +0200)]
Bug 18149: Move CountUsage calls to Koha namespace

After the introduction of Koha::Authorities->get_usage_count with bug
9988, we can now replace the remaining occurrences of CountUsage.

At the same time we remove CountUsageChildren. This was an empty sub.
The typo get_count_usage in a subtest title is adjusted.

Test plan:
[1] Run t/db_dependent/Koha/Authorities.t
[2] Perform a search on authorities-home.pl and verify that you see
    plausible numbers for 'used in xx records'.
[3] Click on Details for one authority. See the same number?
[4] Do the same as in 2/3 for Authority search on OPAC.
[5] Remember the authid and enter this in the record numbers box on
    tools/batch_delete_records.pl. Select Authorities and click
    Continue. The next form shows a column "Used in". Do you see
    the same count again?
[6] Git grep CountUsage.
    You should see just one hit in a comment that can be kept in
    Koha/Authorities.pm.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: DBRev 17.05.00.007
Jonathan Druart [Tue, 19 Sep 2017 14:46:51 +0000 (11:46 -0300)]
Bug 10132: DBRev 17.05.00.007

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: Simplify code, call the method only once
Jonathan Druart [Tue, 19 Sep 2017 12:59:36 +0000 (09:59 -0300)]
Bug 10132: Simplify code, call the method only once

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: (QA followup) Open LOC URL on a separate window
Tomas Cohen Arazi [Mon, 11 Sep 2017 19:14:41 +0000 (16:14 -0300)]
Bug 10132: (QA followup) Open LOC URL on a separate window

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: (QA followup) Add POD to ->get_effective_marcorgcode
Tomas Cohen Arazi [Mon, 11 Sep 2017 19:08:09 +0000 (16:08 -0300)]
Bug 10132: (QA followup) Add POD to ->get_effective_marcorgcode

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: (QA followup) Organize tests in subtest
Tomas Cohen Arazi [Mon, 11 Sep 2017 19:02:00 +0000 (16:02 -0300)]
Bug 10132: (QA followup) Organize tests in subtest

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: Add ability to set MARC Organization Code at library level
Josef Moravec [Sun, 11 Jun 2017 19:23:41 +0000 (19:23 +0000)]
Bug 10132: Add ability to set MARC Organization Code at library level

Test plan:
0. Apply patches
1. Update database
2. Go to administration -> libraries, try to update some library and
fill in some value into Marc Organization code field
3. Save this library and edit again - the code should be stored
correctly
4. Go to system preferences and fill in some value into MARCOrgCode
preference, note there is enhanced description mentioning the ability to
set organization code on library level
5. Set active library to the one with own org code stored
6. Go to cataloguing, create new empty record and click into field 003 -
there should be the code you filled for that library
7. Set active library to one withou marc org code
8. Go to cataloguing, create new empty record and click into field 003 -
there should be the code from system preference
9. Go to system preferences again and set AutoCreateAuthorities to
'generate' and BiblioAddsAuthorities to 'allow'
10. Go to cataloguing and create some biblio record, fill in any author
in to create its authority record, save the biblio
11. Go to authorities and find this created authority, go to details and
check the fields: 003, 040$a, 040$c, 670$a - there should be used right org code
12. prove t/db_dependent/AuthoritiesMarc.t t/db_dependent/Biblio.t t/db_dependent/Koha/Libraries.t

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: Admin pages changes
Josef Moravec [Sun, 11 Jun 2017 19:22:06 +0000 (19:22 +0000)]
Bug 10132: Admin pages changes

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: Unit tests
Josef Moravec [Sun, 11 Jun 2017 19:48:50 +0000 (19:48 +0000)]
Bug 10132: Unit tests

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: DBIC update
Josef Moravec [Sun, 11 Jun 2017 19:21:16 +0000 (19:21 +0000)]
Bug 10132: DBIC update

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 10132: Database changes
Josef Moravec [Sun, 11 Jun 2017 19:19:38 +0000 (19:19 +0000)]
Bug 10132: Database changes

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18810: Update Font Awesome to 4.7.0
Josef Moravec [Tue, 20 Jun 2017 11:06:47 +0000 (13:06 +0200)]
Bug 18810: Update Font Awesome to 4.7.0

Test plan:

0) Apply the patch
1) Edit a template and use any of the new icons, see
http://fontawesome.io/icons/
2) Verify that the added icon is shown

For alternative test see comment #2. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18742: (QA followup) Fix indentation
Julian Maurice [Fri, 1 Sep 2017 14:07:36 +0000 (16:07 +0200)]
Bug 18742: (QA followup) Fix indentation

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18742: Circulation statistics wizard no longer exports the total row
Nick Clemens [Wed, 7 Jun 2017 14:56:47 +0000 (10:56 -0400)]
Bug 18742: Circulation statistics wizard no longer exports the total row

To test:
- Run the circulation wizard
- Export to csv
- Note there is no total row
- Apply patch
- Export to csv
- Total row totally there!

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19335: Fix 00-merge-conflict-markers.t when dockerised
Jonathan Druart [Mon, 18 Sep 2017 17:23:54 +0000 (14:23 -0300)]
Bug 19335: Fix 00-merge-conflict-markers.t when dockerised

This does not make sense, but fix a bug (why?)
Without this patch, the tests failed on po files:

[17:14:26] t/00-merge-conflict-markers.t .. Failed 1/1 subtests
Test Summary Report
-------------------
t/00-merge-conflict-markers.t (Wstat: 9 Tests: 0 Failed: 0)
  Non-zero wait status: 9
  Parse errors: Bad plan.  You planned 1 tests but ran 0.
Result: FAIL

Note that this is not related to bug 19227.

if the ^>>>>>> and ^<<<<<< matches are done on the same line, the test fail
As saw it failed on *-pref.po files
  misc/translator/po/kn-Knda-pref.po
  misc/translator/po/ja-Jpan-JP-pref.po
  misc/translator/po/nl-BE-pref.po
  misc/translator/po/sr-Cyrl-pref.po

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19337: Make basic_workflow.t configurable through ENV
Tomas Cohen Arazi [Mon, 18 Sep 2017 18:58:15 +0000 (15:58 -0300)]
Bug 19337: Make basic_workflow.t configurable through ENV

This patch makes the basic_workflow.t selenium tests read ENV for the
following vars:

KOHA_USER
KOHA_PASS
KOHA_INTRANET_URL
SELENIUM_ADDR
SELENIUM_PORT

to properly configure the running environment. If absent, all variables
fallback to current behaviour:

KOHA_USER // 'koha'
KOHA_PASS // 'koha'
KOHA_INTRANET_URL (unchanged)
SELENIUM_ADDR // 'localhost'
SELENIUM_PORT // 4444

[*] Selenium defaults are documented on the Selenium::Remote::Driver docs.

Prerequisites:
Make sure you have a working environment for the Selenium tests:
- Run:
  $ sudo apt update
  $ sudo apt install xvfb firefox-esr

To test:
- Run:
  $ sudo koha-shell kohadev
 k$ cd kohaclone
 k$ wget https://selenium-release.storage.googleapis.com/2.53/selenium-server-standalone-2.53.1.jar \
     -O /tmp/selenium.jar
 k$ SELENIUM_PATH=/tmp/selenium.jar
 k$ Xvfb :1 -screen 0 1024x768x24 2>&1 >/dev/null &
 k$ DISPLAY=:1 java -jar $SELENIUM_PATH &
 k$ prove t/db_dependent/selenium/basic_workflow.t
=> SUCCESS: Tests pass
- Apply this patch
- Run:
 k$ prove t/db_dependent/selenium/basic_workflow.t
=> SUCCESS: Tests pass!
- Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19059: [QA Follow-up] Typo holds for hold
Marcel de Rooy [Thu, 7 Sep 2017 12:34:18 +0000 (14:34 +0200)]
Bug 19059: [QA Follow-up] Typo holds for hold

Resolves:
The method found is not covered by tests at C4/Reserves.pm line 815.

Test plan:
Run t/db_dependent/Holds/CancelReserves.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>