]> git.koha-community.org Git - koha.git/log
koha.git
8 months agoBug 34478: actionType parameter not used - memberentry.pl
Tomas Cohen Arazi [Tue, 30 Jan 2024 15:32:50 +0000 (12:32 -0300)]
Bug 34478: actionType parameter not used - memberentry.pl

Bug 34478: [TO SQUASH] actionType parameter not used - memberentry.pl

syntax error at members/memberentry.pl line 103, near "\|"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - problem_reports
Nick Clemens [Tue, 30 Jan 2024 16:05:57 +0000 (16:05 +0000)]
Bug 34478: Manual fix - problem_reports

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Replace POST with GET - request.tt
Jonathan Druart [Tue, 30 Jan 2024 15:33:42 +0000 (16:33 +0100)]
Bug 34478: Replace POST with GET - request.tt

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - members/boraccount
Jonathan Druart [Tue, 30 Jan 2024 15:12:52 +0000 (16:12 +0100)]
Bug 34478: Rename action with op - members/boraccount

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - Course reserves
Tomas Cohen Arazi [Tue, 30 Jan 2024 14:55:16 +0000 (11:55 -0300)]
Bug 34478: Manual fix - Course reserves

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - opac-shareshelf
Jonathan Druart [Tue, 30 Jan 2024 12:37:52 +0000 (13:37 +0100)]
Bug 34478: Manual fix - opac-shareshelf

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - opac-shelves (WIP)
Jonathan Druart [Tue, 30 Jan 2024 11:26:42 +0000 (12:26 +0100)]
Bug 34478: Manual fix - opac-shelves (WIP)

Share still needs attention, moved to "later"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Log if CSRF is wrong (debug)
Jonathan Druart [Tue, 30 Jan 2024 11:13:36 +0000 (12:13 +0100)]
Bug 34478: Log if CSRF is wrong (debug)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Fix new forms
Jonathan Druart [Tue, 30 Jan 2024 10:39:39 +0000 (11:39 +0100)]
Bug 34478: Fix new forms

New forms that need to be fixed after rebase.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op =~ ^cud- in pl/pm - Manual branches.pl
Jonathan Druart [Tue, 30 Jan 2024 10:28:07 +0000 (11:28 +0100)]
Bug 34478: op =~ ^cud- in pl/pm - Manual branches.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - import_export_framework
Jonathan Druart [Tue, 30 Jan 2024 10:08:24 +0000 (11:08 +0100)]
Bug 34478: Rename action with op - import_export_framework

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - Batch rm items (course reserves)
Tomas Cohen Arazi [Mon, 29 Jan 2024 20:13:10 +0000 (17:13 -0300)]
Bug 34478: Manual fix - Batch rm items (course reserves)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - Batch add items (course reserves)
Tomas Cohen Arazi [Mon, 29 Jan 2024 20:05:47 +0000 (17:05 -0300)]
Bug 34478: Manual fix - Batch add items (course reserves)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - Add items (course reserves)
Tomas Cohen Arazi [Mon, 29 Jan 2024 19:47:38 +0000 (16:47 -0300)]
Bug 34478: Manual fix - Add items (course reserves)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - change to post - guided_reports
Nick Clemens [Fri, 26 Jan 2024 19:15:17 +0000 (14:15 -0500)]
Bug 34478: Manual fix - change to post - guided_reports

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - change to post remove cud from confirm step - serials-collection
Nick Clemens [Fri, 26 Jan 2024 17:56:39 +0000 (12:56 -0500)]
Bug 34478: Manual fix - change to post remove cud from confirm step - serials-collection

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - remove cud from search op - authorities-home
Nick Clemens [Fri, 26 Jan 2024 17:45:21 +0000 (12:45 -0500)]
Bug 34478: Manual fix - remove cud from search op - authorities-home

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - Switch to post, update op - neworderempty_duplicate
Nick Clemens [Fri, 26 Jan 2024 16:58:07 +0000 (11:58 -0500)]
Bug 34478: Manual fix - Switch to post, update op - neworderempty_duplicate

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - Switch to post, update op, add missing include - basket
Nick Clemens [Fri, 26 Jan 2024 16:27:52 +0000 (11:27 -0500)]
Bug 34478: Manual fix - Switch to post, update op, add missing include - basket

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - fix ops and method - deletemem
Nick Clemens [Fri, 26 Jan 2024 16:01:18 +0000 (11:01 -0500)]
Bug 34478: Manual fix - fix ops and method - deletemem

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - Rename action with op change to post - merge-patrons
Nick Clemens [Fri, 26 Jan 2024 15:52:54 +0000 (10:52 -0500)]
Bug 34478: Manual fix - Rename action with op change to post - merge-patrons

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - circ/request-article
Jonathan Druart [Fri, 26 Jan 2024 10:35:20 +0000 (11:35 +0100)]
Bug 34478: Rename action with op - circ/request-article

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - circ/checkout-notes
Jonathan Druart [Fri, 26 Jan 2024 10:33:02 +0000 (11:33 +0100)]
Bug 34478: Rename action with op - circ/checkout-notes

svc/checkout_notes will need to be adjusted as well

Bug 34478: [TO SQUASH] Rename action with op - circ/checkout-notes

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - catalogue/search-history
Jonathan Druart [Fri, 26 Jan 2024 10:11:58 +0000 (11:11 +0100)]
Bug 34478: Rename action with op - catalogue/search-history

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - admin/library_groups
Jonathan Druart [Fri, 26 Jan 2024 10:02:56 +0000 (11:02 +0100)]
Bug 34478: Rename action with op - admin/library_groups

This is a bit dirty but it works.
form is not styling correctly when put within the li

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - admin/item_circulation_alerts
Jonathan Druart [Fri, 26 Jan 2024 09:28:06 +0000 (10:28 +0100)]
Bug 34478: Rename action with op - admin/item_circulation_alerts

Also fix possible XSS.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - admin/columns_settings
Jonathan Druart [Fri, 26 Jan 2024 09:06:20 +0000 (10:06 +0100)]
Bug 34478: Rename action with op - admin/columns_settings

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Rename action with op - acqui/cancelorder
Jonathan Druart [Fri, 26 Jan 2024 09:00:41 +0000 (10:00 +0100)]
Bug 34478: Rename action with op - acqui/cancelorder

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Remove no longer reference form
Martin Renvoize [Wed, 24 Jan 2024 11:44:02 +0000 (11:44 +0000)]
Bug 34478: Remove no longer reference form

Cleanup whilst we're here.. the form here isn't actually included
anywhere and the acompanying controller no longer exists.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Update label ops 'edit' to 'edit_form'
Martin Renvoize [Wed, 24 Jan 2024 11:09:22 +0000 (11:09 +0000)]
Bug 34478: Update label ops 'edit' to 'edit_form'

This serves to clarify that the 'edit' is not an update action in this
case, but instead is a form fetch.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op =~ ^cud- in pl/pm - Manual parcels.pl
Jonathan Druart [Wed, 24 Jan 2024 11:12:22 +0000 (12:12 +0100)]
Bug 34478: op =~ ^cud- in pl/pm - Manual parcels.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - preferences
Jonathan Druart [Wed, 24 Jan 2024 10:27:01 +0000 (11:27 +0100)]
Bug 34478: Manual fix - preferences

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op =~ ^cud- in pl/pm - Manual preferences.pl
Jonathan Druart [Wed, 24 Jan 2024 10:32:34 +0000 (11:32 +0100)]
Bug 34478: op =~ ^cud- in pl/pm - Manual preferences.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Add method="get" to forms without method
Jonathan Druart [Tue, 23 Jan 2024 15:59:44 +0000 (16:59 +0100)]
Bug 34478: Add method="get" to forms without method

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Remove duplicated form in virtualshelves/downloadshelf.tt
Jonathan Druart [Tue, 23 Jan 2024 15:57:05 +0000 (16:57 +0100)]
Bug 34478: Remove duplicated form in virtualshelves/downloadshelf.tt

Just... don't ask... It's there since 2010

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - label-edit-profile (cud-save)
Martin Renvoize [Mon, 22 Jan 2024 11:56:37 +0000 (11:56 +0000)]
Bug 34478: Manual fix - label-edit-profile (cud-save)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - label-edit-template (cud-save)
Martin Renvoize [Mon, 22 Jan 2024 11:52:58 +0000 (11:52 +0000)]
Bug 34478: Manual fix - label-edit-template (cud-save)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - label-edit-layout (cud-save)
Martin Renvoize [Mon, 22 Jan 2024 11:13:41 +0000 (11:13 +0000)]
Bug 34478: Manual fix - label-edit-layout (cud-save)

Also updated 'cud-edit' in the controller back to 'edit' as it's a 'get'
request to display the form.. i.e. read not create, write or update.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - subscription-nuberpatterns (cud-del)
Nick Clemens [Fri, 19 Jan 2024 17:05:26 +0000 (17:05 +0000)]
Bug 34478: Manual fix - subscription-nuberpatterns (cud-del)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - subscription-frequencies (cud-del)
Nick Clemens [Fri, 19 Jan 2024 17:03:47 +0000 (17:03 +0000)]
Bug 34478: Manual fix  - subscription-frequencies (cud-del)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - parcels.pl (cud-confirm cud-new)
Nick Clemens [Fri, 19 Jan 2024 17:00:44 +0000 (17:00 +0000)]
Bug 34478: Manual fix - parcels.pl (cud-confirm cud-new)

Bug 34478: [TO SQUASH] Manual fix - parcels.pl (cud-confirm cud-new)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - edi_ean (cud-ediorder)
Nick Clemens [Fri, 19 Jan 2024 16:50:47 +0000 (16:50 +0000)]
Bug 34478: Manual fix - edi_ean (cud-ediorder)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - basketgroups
Nick Clemens [Fri, 19 Jan 2024 16:39:37 +0000 (16:39 +0000)]
Bug 34478: Manual fix - basketgroups

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - account refund - Add op param to forms
Kyle M Hall [Fri, 19 Jan 2024 16:22:53 +0000 (16:22 +0000)]
Bug 34478: Manual fix - account refund - Add op param to forms

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - delete baskets - Add csrf include
Kyle M Hall [Fri, 19 Jan 2024 15:25:35 +0000 (10:25 -0500)]
Bug 34478: Manual fix - delete baskets - Add csrf include

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - delete baskets
Kyle M Hall [Fri, 19 Jan 2024 14:19:58 +0000 (09:19 -0500)]
Bug 34478: Manual fix - delete baskets

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - account line discount
Kyle M Hall [Fri, 19 Jan 2024 14:16:46 +0000 (09:16 -0500)]
Bug 34478: Manual fix - account line discount

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - account refund
Kyle M Hall [Fri, 19 Jan 2024 14:15:19 +0000 (09:15 -0500)]
Bug 34478: Manual fix - account refund

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - account payout
Kyle M Hall [Fri, 19 Jan 2024 14:11:40 +0000 (09:11 -0500)]
Bug 34478: Manual fix - account payout

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Display programming errors in case plack.psgi caught something suspicious
Jonathan Druart [Wed, 13 Dec 2023 08:27:45 +0000 (09:27 +0100)]
Bug 34478: Display programming errors in case plack.psgi caught something suspicious

It will help developpers to debug the problematic places.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - duplicate_orders (cud-select)
Jonathan Druart [Wed, 13 Dec 2023 07:31:04 +0000 (08:31 +0100)]
Bug 34478: Manual fix - duplicate_orders (cud-select)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - preferences
Jonathan Druart [Wed, 13 Dec 2023 07:23:54 +0000 (08:23 +0100)]
Bug 34478: Manual fix - preferences

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - memberentry (modify)
Jonathan Druart [Tue, 12 Dec 2023 16:03:58 +0000 (17:03 +0100)]
Bug 34478: Manual fix - memberentry (modify)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - batchMod
Jonathan Druart [Tue, 12 Dec 2023 15:43:21 +0000 (16:43 +0100)]
Bug 34478: Manual fix - batchMod

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op =~ ^cud- in pl/pm
Jonathan Druart [Tue, 12 Dec 2023 15:43:08 +0000 (16:43 +0100)]
Bug 34478: op =~ ^cud- in pl/pm

This is the result of
  bash op_must_start_with_cud-perl.sh

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - additem
Jonathan Druart [Tue, 12 Dec 2023 15:26:51 +0000 (16:26 +0100)]
Bug 34478: Manual fix - additem

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Manual fix - opac-suggestions
Jonathan Druart [Tue, 12 Dec 2023 13:54:34 +0000 (14:54 +0100)]
Bug 34478: Manual fix - opac-suggestions

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Replace POST with GET when needed - add_form
Jonathan Druart [Tue, 12 Dec 2023 13:39:15 +0000 (14:39 +0100)]
Bug 34478: Replace POST with GET when needed - add_form

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Adjust selenium tests
Jonathan Druart [Tue, 12 Dec 2023 13:32:59 +0000 (14:32 +0100)]
Bug 34478: Adjust selenium tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Add missing csrf-token.inc for opac
Jonathan Druart [Tue, 12 Dec 2023 13:12:20 +0000 (14:12 +0100)]
Bug 34478: Add missing csrf-token.inc for opac

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op =~ ^cud- everywhere
Jonathan Druart [Tue, 12 Dec 2023 10:21:07 +0000 (11:21 +0100)]
Bug 34478: op =~ ^cud- everywhere

This is the result of
  perl op_must_start_with_cud.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op =~ ^cud-
Jonathan Druart [Fri, 22 Sep 2023 08:55:29 +0000 (10:55 +0200)]
Bug 34478: op =~ ^cud-

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op-cud - Trick CGI directly
Jonathan Druart [Thu, 21 Sep 2023 10:00:17 +0000 (12:00 +0200)]
Bug 34478: op-cud - Trick CGI directly

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op-cud - Rename op with op-cud in templates
Jonathan Druart [Thu, 21 Sep 2023 08:50:07 +0000 (10:50 +0200)]
Bug 34478: op-cud - Rename op with op-cud in templates

This is the result of
  perl rename_op_with_op-cud.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: op-cud - Adjust C4::Auth code
Jonathan Druart [Thu, 21 Sep 2023 08:23:41 +0000 (10:23 +0200)]
Bug 34478: op-cud - Adjust C4::Auth code

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Move C4::Auth check
Jonathan Druart [Thu, 21 Sep 2023 07:59:09 +0000 (09:59 +0200)]
Bug 34478: Move C4::Auth check

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Remove check_csrf from pl files
Jonathan Druart [Fri, 4 Aug 2023 09:37:52 +0000 (11:37 +0200)]
Bug 34478: Remove check_csrf from pl files

We should no longer need to check CSRF token from pl files

TODO - there is a change for some files where we returned 403

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Check CSRF in get_template_and_user
Jonathan Druart [Fri, 4 Aug 2023 09:32:27 +0000 (11:32 +0200)]
Bug 34478: Check CSRF in get_template_and_user

Not sure this is the right place in get_template_and_user
Will have to test login and 2FA

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Add 'op' to opac-passwd
Jonathan Druart [Fri, 4 Aug 2023 09:13:14 +0000 (11:13 +0200)]
Bug 34478: Add 'op' to opac-passwd

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Add 'op' to opac-user.tt
Jonathan Druart [Fri, 4 Aug 2023 09:06:16 +0000 (11:06 +0200)]
Bug 34478: Add 'op' to opac-user.tt

Bug 34478: [TO SQUASH] Add 'op' to opac-user.tt

Bug 34478: [TO SQUASH] Add 'op' to opac-user.tt

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Add missing CSRF token to POST forms
Jonathan Druart [Fri, 12 Jan 2024 14:00:48 +0000 (15:00 +0100)]
Bug 34478: Add missing CSRF token to POST forms

This is the result of
  % perl csrf_add_missing_csrf.pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Remove generate_csrf from pl
Jonathan Druart [Fri, 4 Aug 2023 09:15:54 +0000 (11:15 +0200)]
Bug 34478: Remove generate_csrf from pl

We do not longer need to generate_csrf from pl files

TODO - members/boraccount.tt and sco/sco-main.tt needs to be adjusted

Bug 34478: [TO SQUASH] Remove generate_csrf from pl

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Replace csrf_token input with include file - manual
Jonathan Druart [Fri, 4 Aug 2023 08:57:42 +0000 (10:57 +0200)]
Bug 34478: Replace csrf_token input with include file - manual

A couple of left not caught by the previous regex

Still TODO:
% git grep csrf_token **/*.inc **/*.tt
still shows example that needs to be replaced, later (because we use GET)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Replace csrf_token input with include file
Jonathan Druart [Fri, 4 Aug 2023 08:56:50 +0000 (10:56 +0200)]
Bug 34478: Replace csrf_token input with include file

perl -p -i -n -e 's#<input type="hidden" name="csrf_token" value="\[% csrf_token \| html %]" />#[% INCLUDE '\''csrf-token.inc'\'' %]#g' **/*.tt **/*.inc

This should have actually been done at the same time as
  "Bug 30524: (QA follow-up) Only generate CSRF token if it will be used"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34478: Replace get with post when needed
Jonathan Druart [Fri, 4 Aug 2023 08:32:17 +0000 (10:32 +0200)]
Bug 34478: Replace get with post when needed

This is what has been marked as done in "csrf_get.txt"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35955: Add tests
Jonathan Druart [Tue, 27 Feb 2024 07:56:24 +0000 (08:56 +0100)]
Bug 35955: Add tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35955: Cache CSRF token in template plugin
David Cook [Tue, 27 Feb 2024 06:05:24 +0000 (06:05 +0000)]
Bug 35955: Cache CSRF token in template plugin

This change uses the Koha::Cache::Memory::Lite cache to
cache the CSRF token, so that it is only generated once,
and is re-used by the Koha::Template::Plugin::Koha object
throughout the entire template processing for the HTTP request.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: Default to 'file' if pref does not exist
Jonathan Druart [Wed, 21 Feb 2024 08:42:16 +0000 (09:42 +0100)]
Bug 36098: Default to 'file' if pref does not exist

During the installer process there is a bunch of warnings
  "Use of uninitialized value $storage_method in string eq at"

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: (follow-up) extend test to check driver
David Cook [Thu, 15 Feb 2024 23:07:02 +0000 (23:07 +0000)]
Bug 36098: (follow-up) extend test to check driver

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: Fix storage_method pass
David Cook [Thu, 15 Feb 2024 22:49:19 +0000 (22:49 +0000)]
Bug 36098: Fix storage_method pass

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: Allow to pass storage_method
Jonathan Druart [Thu, 15 Feb 2024 13:05:21 +0000 (14:05 +0100)]
Bug 36098: Allow to pass storage_method

Will need this on follow-up bugs.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: (QA follow-up) Add POD to Koha::Session
Martin Renvoize [Thu, 15 Feb 2024 11:53:02 +0000 (11:53 +0000)]
Bug 36098: (QA follow-up) Add POD to Koha::Session

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36098: Add Koha::Session module to ease session handling
David Cook [Thu, 15 Feb 2024 02:49:18 +0000 (02:49 +0000)]
Bug 36098: Add Koha::Session module to ease session handling

This patch adds a Koha::Session module that makes it easier
to work with Koha sessions without needing the full C4::Auth module.

Test plan:
0. Apply the patch
1. Run the following unit tests:
prove ./t/db_dependent/Auth.t
prove ./t/db_dependent/Auth_with_cas.t
prove ./t/db_dependent/Koha/Session.t
2. Observe that they all pass

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35935: Ensure login branch will be used after incorrect login
Jonathan Druart [Tue, 30 Jan 2024 08:02:19 +0000 (09:02 +0100)]
Bug 35935: Ensure login branch will be used after incorrect login

If a different branch is selected after an incorrect login, the previous
branch will be used.

To recreate:
* login with foo/bar, select CPL => FAIL
* login with koha/koha, select another branch => OK but CPL is picked!

It was caused by a dup of "branch" in CGI param list (and first was
picked).

This patch patch also removes "koha_login_context" to not have it twice.
You can also open the source of the page to confirm that form#loginform
contains "branch" and "koha_login_context" in hidden inputs.

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Tested in KTD. Works as advertised.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36092: Pass sessionID at the end of get_template_and_user
Jonathan Druart [Wed, 14 Feb 2024 08:45:45 +0000 (09:45 +0100)]
Bug 36092: Pass sessionID at the end of get_template_and_user

It seems safer to pass the logged in user and session info at the end of
the sub.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36092: Pass the sessionID from checkauth if we hit auth
Jonathan Druart [Wed, 14 Feb 2024 09:33:11 +0000 (10:33 +0100)]
Bug 36092: Pass the sessionID from checkauth if we hit auth

If we hit the auth page we were not passing sessionID to the template

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36092: Add test
Jonathan Druart [Wed, 14 Feb 2024 09:56:17 +0000 (10:56 +0100)]
Bug 36092: Add test

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35918: Fix auto library connect (AutoLocation)
Jonathan Druart [Fri, 26 Jan 2024 07:58:17 +0000 (08:58 +0100)]
Bug 35918: Fix auto library connect (AutoLocation)

This code is a bit weird, its purpose it to auto select the library depending on the IP.
A problem appears if the same IP is used, then the user's choice will
might be overwritten randomly by another library.

To recreate the problem:
Turn on AutoLocation
Use koha/koha @CPL for test
And the following config:
*************************** 1. row ***************************
branchcode: CPL
branchname: Centerville
  branchip: 172.18.0.1
*************************** 2. row ***************************
branchcode: FFL
branchname: Fairfield
  branchip: 172.18.0.1
*************************** 3. row ***************************
branchcode: FPL
branchname: Fairview
  branchip: 172.18.0.4

Connect and select CPL. Randomly FFL will be picked instead.

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Tested this on top of 35890 and 35904 because git bz said they were required dependencies.
Figured out the IP Koha was seeing me as coming from in /var/log/koha/kohadev/plack.log.
Added that IP to the branchip for Centerville, Fairfield and Fairview. Set AutoLocation = Yes.
After this I could recreate the problem: If i left the "Library" field in the login screen
at "My Library" I got logged into a random library selected from the three i had set
branchip for. Applying the patches fixed this, as expected.
Tests pass, with AutoLocation off.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35918: Add test
Jonathan Druart [Fri, 26 Jan 2024 07:57:03 +0000 (08:57 +0100)]
Bug 35918: Add test

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35890: Add tests for AutoLocation
Jonathan Druart [Thu, 25 Jan 2024 08:36:01 +0000 (09:36 +0100)]
Bug 35890: Add tests for AutoLocation

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35890: Reject login if IP is not valid
Jonathan Druart [Wed, 24 Jan 2024 15:25:30 +0000 (16:25 +0100)]
Bug 35890: Reject login if IP is not valid

Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35904: (QA follow-up): tidy up code
Victor Grousset/tuxayo [Thu, 15 Feb 2024 03:18:37 +0000 (04:18 +0100)]
Bug 35904: (QA follow-up): tidy up code

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35904: Make C4::Auth::checkauth testable easily
Jonathan Druart [Thu, 25 Jan 2024 09:35:41 +0000 (10:35 +0100)]
Bug 35904: Make C4::Auth::checkauth testable easily

This patch suggests to add a new flag do_not_print to
C4::Auth::checkauth to not print the headers and allow to test this
subroutine more easily.

We do no longer need to mock safe_exit and redirect STDOUT to test its
return values.

There are still 3 left:
1.
733         # checkauth will redirect and safe_exit if not authenticated and not authorized
=> Better to keep this one, not trivial to replace

2.
806         # This will fail on permissions
This should be replaced but testing $template->{VARS}->{nopermission}
fails, I dont' think the comment is better.

3.
828         # Patron does not have the borrowers permission
Same as 2.

2. and 3. should be investigated a bit more.

This patch also move duplicated code to set patron's password to a
subroutine set_weak_password.

Test plan:
Read the code and confirm that everything makes sense.
QA: Do you have a better way for this? Yes it's dirty!

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35904: Remove var loggedin
Jonathan Druart [Wed, 24 Jan 2024 15:24:51 +0000 (16:24 +0100)]
Bug 35904: Remove var loggedin

It is never used and add confusion

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36019: Remove dead code in tags/review
Jonathan Druart [Wed, 7 Feb 2024 14:54:28 +0000 (15:54 +0100)]
Bug 36019: Remove dead code in tags/review

Since bug 20489 it is no longer possible to login with the DB user.
At the time, get_template_and_user returned borrowernumber=0 in this case.

In tags/review.pl we have:
  $borrowernumber == 0 and push @errors, {op_zero=>1};

This condition is never met, and op_zero related code can be removed in the template.

Test plan:
Confirm the above

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 36017: Remove dead code in admin/clone-rules
Jonathan Druart [Wed, 7 Feb 2024 14:42:40 +0000 (15:42 +0100)]
Bug 36017: Remove dead code in admin/clone-rules

Since
  commit 61628c97c245e72c750b61d9df6fa9b9100f3093
  Bug 18936: (follow-up) Add cloning of circulation rules back to Koha

There are some dead code in admin/clone-rules.

"result" is always passed to the template.

Test plan:
Confirm the above and that cloning rules from the circ rules page still
works correctly.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35949: Remove useless code pointing to branchreserves.pl in request.tt
Jonathan Druart [Tue, 30 Jan 2024 15:40:17 +0000 (16:40 +0100)]
Bug 35949: Remove useless code pointing to branchreserves.pl in request.tt

messagetransfert is never set (it is from circ/waitingreserves.pl, `git grep messagetransfert`) and branchreserves.pl does not exist!

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34426: (QA follow-up) Polishing xt script
Marcel de Rooy [Fri, 23 Jun 2023 09:56:40 +0000 (09:56 +0000)]
Bug 34426: (QA follow-up) Polishing xt script

Test plan:
Run it again. Same results?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 34426: Add xt/find-missing-csrf.t
Martin Renvoize [Wed, 16 Jun 2021 10:04:42 +0000 (11:04 +0100)]
Bug 34426: Add xt/find-missing-csrf.t

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
8 months agoBug 35930: Add guards for plugins_enabled
Andreas Jonsson [Mon, 12 Feb 2024 11:16:02 +0000 (11:16 +0000)]
Bug 35930: Add guards for plugins_enabled

The 'new' method in Koha::Plugins returns undefined if
plugins are disabled.  Therefore, calls to this method
must be guarded by a check that plugins actually are enabled.

Test plan:

* Code inspection of patch, alternatively
* Activate the ill system by installing a backend such as
  koha-illbackend-libris:
  https://github.com/Libriotech/koha-illbackend-libris
* Make sure plugins are disabled in koha-conf.xml
* In the staff interface, go to ILL requests.
* The page should load without getting an error 500.

PA amended commit message: This is not related to ILL backends being plugins or not
This is about ILL batches, where checking for metadata enrichment plugins was missing 'enable_plugins' guard
Additionally, unrelated to batches, it's also about ILLAvailability, where checking for ILL availabililty plugins was missing enable_plugins guard

Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Hans PĂ„lsson <hans.palsson@hkr.se>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>