Chris Cormack [Thu, 26 May 2016 09:33:33 +0000 (21:33 +1200)]
Bug 16597: Fix XSS in opac-shareshelf
To test
1/ Go to /cgi-bin/koha/opac-shareshelf.pl?op="><script>alert('XSS')</script>&shelfnumber=5
2/ Notice you see a js alert
3/ Apply patch
4/ It is gone
Reported by
Alex Middleton at Dionach
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit c47c835672a8fcd8c7df79663443f01639fc7657) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 8d6486013b504fa652b43b2a20c3bb4da25034fd) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Jonathan Druart [Thu, 26 May 2016 11:03:55 +0000 (12:03 +0100)]
Bug 16599: Fix XSS in opac-shareshelf.pl
Test plan:
- Create a list with the name "<script>alert(1)</script>"
- On the shelf list, click on share
=> Without this patch you will see the JS alert
=> With this patch applied you won't see it
Reported by Kaybee at Dionach
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit a44a930c076fceca0f7193f488e187d9849f89b6) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 858e3b2043e0eb1ce5bb9a6c36b3b87afb69ae22) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Owen Leonard [Thu, 7 Apr 2016 16:11:58 +0000 (12:11 -0400)]
Bug 16220 - The view tabs on opac-detail.pl are not responsive
When looking at the detail page for a bibliographic record, there are
tabs linking to the "Normal," "MARC," and "ISBD" views. These tabs need
to be styled responsively so that they work well at all browser widths.
This patch makes some slight markup changes to the templates and updates
the LESS files to add responsive styling.
This patch does not include the compiled CSS file, so the follow-up is
required to test the visual changes.
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 0fcbf1efe10a4269e3705dce10ef632e1739dbb1) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit c760866e237b758bd34d3a6cb6283592bf7c3416) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Owen Leonard [Tue, 3 May 2016 17:09:54 +0000 (13:09 -0400)]
Bug 16159 - guarantor section missing ID on patron add form
In the patron entry form template most <fieldset> and <legend> tags have
unique ids. This patch adds ids to fieldsets and legends which lack
them.
To test apply the patch and view the patron entry form. There should be
no visual changes. There should be no HTML validation errors triggered
by this change.
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 553d06073b8af0ab6ed33393b22a953e3feca1e6) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit eba902ced599bce927c59c48ae930fd7d62cafb5) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Jonathan Druart [Mon, 2 May 2016 09:46:59 +0000 (10:46 +0100)]
Bug 16407: Simplify comments
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 671f81e877a3e23127a2e8078921760e9b449a27) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 4b0c36846117212cff4db09f06f719be5aea308e) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This test was using hardcoded borrower number, assuming they should be
present. Now we use TestBuilder.
Test plan:
Run the test.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Test pass before and after patch.
No errors
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d8d4277471908bf046d04b4e94eed6cd4c94f63b) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 9112e88901c419f54ba34ff4eab0a6a744b31990) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Owen Leonard [Tue, 3 May 2016 13:48:11 +0000 (09:48 -0400)]
Bug 16315 - OPAC Shelfbrowser doesn't display the full title
This patch adds subtitle information to the display of titles in the
OPAC's shelf browser.
To test, apply the patch and make sure OPACShelfBrowser is enabled.
- View the detail page for any title in the OPAC which has items.
- Click the "Browse shelf" link next to any item in the holdings table.
- The titles in the shelf browser should display with all subtitle
information as defined in Keywords to MARC mapping.
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Adding 245a and c as 'subtitle' in Keywords to Marc make them
show on shelf browser.
No errors.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 67f91f24e537ef93d0c121b68681dcdec9f417e1) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit b47e87d0820c3f2e1afa4679c13234abc4d86517) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Nick Clemens [Mon, 28 Mar 2016 20:09:01 +0000 (20:09 +0000)]
Bug 15682 - Only allow merging of 2 or more records form lsits (for consistency)
Test as above but on shelves.pl
Signed-off-by: Chris Cormack <chrisc@catalyst.net.z> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 9550e37fc66402500adf8bca7a1c90ee0104cdd0) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 9f1e23735f46a8b014d4a8983796f1b8b37cc9b4) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Nick Clemens [Mon, 28 Mar 2016 20:01:30 +0000 (20:01 +0000)]
Bug 15682 - Merging records from cataloguing search only allows to merge 2 records
To test:
1 - Perform a cataloging search
2 - Attempt to merge 0 results - should fail
3 - Attempt to merge 1 resutls - should fail
4 - Attempt to merge 2 results - should succeed
5 - Attempt to merge 3 results - should succeed
6 - Test any other amount of records and if more than 1 it should
succeed
**Note: On shelves.pl you can merge a single record. I think that is
incorrect so made this only work for 2. Will add a followup to fix
shelves.pl
Signed-off-by: Chris Cormack <chrisc@catalyst.net.z> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 8f1e5ad95fd78cbf09028e3d2dfe0b2b77d4dd21) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit aa8b468a13760b23c6ea29fddd43ade34e594af0) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Owen Leonard [Tue, 3 May 2016 13:59:01 +0000 (09:59 -0400)]
Bug 15194 - Drop-down menu 'Actions' has problem in 'Saved reports' page with language bottom bar
This patch changes the direction of the "actions" menu on the saved
reports page so that it popup up instead of down.
To test, apply the patch and go to Reports -> Saved reports.
- Click the "Actions" menu for any report and confirm that the menu
displays above the button instead of below it.
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit de98a936751efc00d893f6e74e440416d66140b4) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 1e494ae15ed819512a9b04a3b7ffd76c38a36018) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Mark Tompsett [Mon, 8 Jun 2015 03:40:50 +0000 (23:40 -0400)]
Bug 14362: Regression tests
This should trigger the error. Attempts to shift system time
zones did not make sense as to the number of failures.
Added Time::Fake dependency, if it isn't installed these extra
tests don't run. There is a nice skip message about it.
Added License text.
TEST PLAN
---------
1) apply test patch
2) sudo dpkg-reconfigure tzdata
-- set your system time to GMT (Africa/Abidjan)
3) prove t/Circulation/AgeRestrictionMarkers.t
-- should not fail, even if you change system
time to any time.
4) sudo dpkg-reconfigure tzdata
-- set your timezone to Eastern
5) sudo date -s"2015-06-18 21:15:00"
6) date
-- should be past 9pm Eastern timezone
7) prove t/Circulation/AgeRestrictionMarkers.t
-- kaboom!
8) sudo date -s"2015-06-18 12:00:00"
9) date
-- should be noon Eastern timezone
10) prove t/Circulation/AgeRestrictionMarkers.t
-- success?! Time sensitive tests are bad tests.
11) sudo apt-get install libtime-fake-perl
12) prove t/Circulation/AgeRestrictionMarkers.t
-- kaboom!
-- changing timezone to anything other than GMT
should trigger a kaboom.
13) apply fix patch
14) prove t/Circulation/AgeRestrictionMarkers.t
-- should work all the time.
15) less t/Circulation/AgeRestrictionMarkers.t
-- the license text should be similar to
http://wiki.koha-community.org/wiki/Coding_Guidelines#Licence
16) koha qa test tools.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a2aba3c86f106603212eb2c5beb52c3cdfe49857) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Conflicts:
C4/Installer/PerlDependencies.pm
Mark Tompsett [Mon, 8 Jun 2015 01:26:53 +0000 (21:26 -0400)]
Bug 14362: PEGI15 Circulation/AgeRestrictionMarkers test fails
It is best to test when UTC date is a date in the future compared
to your timezone. I'm in Eastern, so right now, I expect this
test to fail for another 2.5 hours.
TEST PLAN
---------
1) prove t/Circulation/AgeRestrictionMarkers.t
-- fails for PEGI 15 after 9pm.
2) Apply patch
3) prove t/Circulation/AgeRestrictionMarkers.t
-- works.
4) koha qa test tools
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 73f55165bef229668a135bee7e8c90a2c9c3f0a7) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit c894bd4ab5401aec642089f00c9e6b3909e01d2b) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Alex Arnaud [Tue, 15 Mar 2016 15:36:28 +0000 (16:36 +0100)]
Bug 13877 - Make serialseq season name translatable regardless its position in a string
Signed-off-by: Chris Cormack <chrisc@catalyst.net.z> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit adb8d41053357eeb68fa148a04c2202df6e54974) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit e0f8aff8a958a0ce3b47e94939bb6d467c69ad1b) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Julian Maurice [Mon, 9 May 2016 09:42:05 +0000 (11:42 +0200)]
Bug 13041: Fix add of basket's manager when name contains a single quote
If you are trying to add a user as a manager of a basket in
acquisitions, a JavaScript error will be triggered if that user has a
single quote in their name (e.g. "O'Neil"). This patch corrects the
issue.
Also changed by this patch: Increased the size of the patron search
popup and made a correction to some invalid HTML.
To test you should have a patron whose name contains a single quote who
is also a user with permission to manage acquisitions.
- Apply the patch and go to Acquisitions.
- Locate an open basket and view the details for that basket.
- In the "Managed by" section, click the "Add user" button to trigger
the patron search popup.
- Search for the patron described above and click the "Add" button.
- In the parent window, the patron you chose should have been added to
the "Managed by" section.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 964a1888138e276a78be5d84a70559ace6418e79) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Marc Véron [Wed, 27 Apr 2016 10:38:58 +0000 (12:38 +0200)]
Bug 12721: (followup) Replace mysqlism by DBIx::Class
This patch removes the mysqlism (see comment #18)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Fixed QA tools complaints about missing lines before
and after =cut in POD.
- Change syspref to any combination of location|itype|ccode
=> Result: Table displays columns as appropriate
- Change syspref to some garbage
=> Result: Same as with empty syspref (was crashing without patch)
- Change syspref to valid combination with trailing |
=> Result: Table displays columns as appropriate (was crashing
without patch)
- Change syspref to a combination of valid and invalid fields
(location|blah|ccode)
=> Result: Table displays column of valid fields only (was crashing
without patch)
Signed-off-by: Aleisha <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 5fc93bce9b786797724539bea1a1689e959078e6) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 36392d8a0cc07c3d5de51ec53c529d3a7d777508) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Marc Véron [Sun, 18 Oct 2015 16:27:58 +0000 (18:27 +0200)]
Bug 12721 - Syspref StatisticsFields: Warning on About page and text change in System preferences
This patch adds a warning to the about page if the syspref 'StatisticsFields' is misconfigured.
Additionally, the text on Home > Administration > SystemPreferences for 'Statistics Fields'
is changed.
To test:
- Apply patch
- Edit syspref 'StatisticsFields'. Verify that the explanation makes sense.
- Leave field empty
=> verify that no message appears on About page, tab System information
- Insert valid field names, e.g. location|itype
=> verify that no message appears on the About page
- Add trailing char
=> verify that the warning message appears on the About page
- Fill in some garbage or misspell a field name
=> verify that the warning message appears on the About page
Signed-off-by: Aleisha <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 95f492b4d2505103269b295a34bab74804df9746) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit f6694ce92ff4b60aea1234e9a138853fb0406f18) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Jonathan Druart [Tue, 3 May 2016 07:58:33 +0000 (08:58 +0100)]
Bug 16426: follow-up of bug 15840 - correctly manage userid while inserting patrons
Bug 15840 tried to fix a bug but makes things more complicated than it
was before.
If an userid is not provided for 1 or more rows of the csv file, it
should not be updated. However, if a userid is provided and it already
used by an other patron, the import should fail for this row (but not
crash!).
Test plan:
0/ Create a patron with a userid=your_userid
1/ Use the import patron tool to update this userid
=> userid should have been updated
2/ Update another data and do not provide the userid
=> data should have been updated and not the userid
3/ Update another data and provide the userid, but set it to an empty
string, or '0'
=> data should have been updated and not the userid
4/ Update another patron, and set userid=your_userid
=> Update should fail and an error whouls be displayed ("already used by
another patron")
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 7b76b24fad305b0253eb1d779f074d265087ca73) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit b53075b58df01e65371e13dee0b6848d12a181f2) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Jonathan Druart [Tue, 3 May 2016 07:58:26 +0000 (08:58 +0100)]
Bug 16426: Add tests for ModMember - do not update userid
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit e883c19f3778c0247c11e6bdd3f27bbdd927468d) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit ea45e3f39ebdd2a33b7ea00730ef278ba0f461a7) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Jonathan Druart [Wed, 6 Apr 2016 14:59:02 +0000 (15:59 +0100)]
Bug 12752: FIX letter names in 3.15.00.041
3.15.00.041 was wrong, the name of the letter should not always been the
name of the first HOLD notice.
PREDUE_PHONE should be updated with the first name of the PREDUE notice,
same for OVERDUE_PHONE and OVERDUE
Signed-off-by: Chris Cormack <chrisc@catalyst.net.z> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 6d52cd63f351cd56f36492b80c10c0d8568ef03d) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 6ca552c2e86a4459ba8a68903b7ac60c614731af) Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Jonathan Druart [Wed, 6 Apr 2016 10:33:11 +0000 (11:33 +0100)]
Bug 15930: Make patron searches defaulting on 'contain'
The default patron search types has changed from 'contain' to
start_with. Users consider it as a bug.
This patch revert the previous changes to default on 'contain'.
Test plan:
Search for patrons in different places (guarantor, checkout, patron
module, acquisition module, etc.) and confirm that the default is always
'contain'
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit a8491dc156db9d746b0f5ddd6175b66bf1bfa4ab) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit f2c5b7b036a47289a069f89bf3e63ede548058d8) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Mason James [Fri, 1 Apr 2016 02:23:22 +0000 (15:23 +1300)]
Bug 1750 - Report bor_issues_top erroneous and truncated results.
Signed-off-by: Mason James <mtj@kohaaloha.com>
TEST PLAN
---------
1) Ensure you have some checkouts
2) Home -> Reports
-> Patrons with the most checkouts
3) Click 'Submit'
-- you get a list
4) Click a patron name.
5) Note the borrower number.
6) In MySQL run something like:
> UPDATE borrower SET firstname=NULL WHERE borrowernumber=####
7) Refresh the report page
-- name goes totally blank
8) apply patch
9) Refresh the report page
-- only first name is lost
10) run koha qa test tools
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit b859739c2a6dc899176276022782ac3af7a0ad0c) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 8f4df78bd46e9e9c02f2841ef6bd1bba2bb39c6c) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Setting X-Frame-Options to SAMEORIGIN is enough for mordern browsers:
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
The antiClickjack trick should be removed at the OPAC as we want to keep
the OPAC usable even if the user has disabled JS.
That means the OPAC will be vulnerable to XFS if a user is navigating
with a prehistoric browser:
Firefox 3.6.9 September 2010
IE 8 March 2008
Opera 10.5 March 2010
Safari 4 February 2009
Chrome 4.1.… somewhen 2010
Test plan:
Confirm that there are no regression of bug 15111 with modern browsers
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit d496d03e8aa3079e0d29837b27b31b9a55afd02e) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 57fc49475db35b965ea50e5b60114fa46b2be37f) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Mon, 22 Feb 2016 09:24:29 +0000 (09:24 +0000)]
Bug 15111: Do not include the antiClickjack legacy browser trick for greybox
Most of the scripts called via greybox (which uses iframe) don't include
doc-head-close. But some do.
This patch adds a popup parameter for these templates, not to include
the legacy browser trick and avoid the replacement of the location.
Test plan:
1/ Export patroncard and label
2/ translate itemtypes
3/ click on a idref link at the OPAC
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fc640d2a86f395ad392f84314bce22e8b4dab1fe) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 45e39882432dd9fdae0fc1b1ef7b7b8b09a9480a) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Fri, 13 Nov 2015 08:19:57 +0000 (08:19 +0000)]
Bug 15111: Change X-Frame-Options with SAMEORIGIN
There are some places where frames are used, the greybox JS plugin for
instance.
We need either to allow them from Koha or replace this plugin.
The easier for now is to switch the value from DENY with SAMEORIGIN.
Test plan:
- modify a record in a batch (tools/batch_record_modification.pl)
- click on preview marc
=> With only the previous patch you will get a blank page.
=> With this patch apply, it will work as expected.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fb167c0e4b897bf9a93b4fd6176b15e2d4dbd4df) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 201e1f239728f3656f5f71792a7d5ce9b5a05144) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Kyle M Hall [Mon, 2 Nov 2015 17:11:17 +0000 (12:11 -0500)]
Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks
Web pages that can be embedded in frames are vulnerable to cross-frame
scripting attacks. Cross-frame scripting is a type of phishing attack
that involves instructions to an unsuspecting user to follow a specific
link to update confidential information in an online application.
Because the link leads to a legitimate page from the online application
that is embedded in a frame hosted by the attackers' server, the
attackers can capture all the information that the user enters.
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit dc03bca76cf5b7cb48d98d1ce245fc65b98be929) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit c97a01e1330ab5b1b1df7029d2149efa0deb19a4) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Mon, 4 Apr 2016 13:45:48 +0000 (14:45 +0100)]
Bug 16179: Do not crash if "rate me" is clicked and not rate selected
If JS is disabled and a user clicks on the "Rate me" button, Koha will
crashes with:
DBIx::Class::ResultSet::create(): Column 'rating_value' cannot be null
at /usr/share/koha/lib/C4/Ratings.pm line 208
To avoid that, opac-ratings.pl will check if a rate has been selected.
Test plan:
Disable JS
On a record detail page, click on the "Rate me" button
TESTED PLAN:
1) go to /cgi-bin/koha/opac-ratings.pl?biblionumber=1
-- kaboom as above.
2) apply patch
3) refresh
-- either login screen (don't know why)
-- or if already logged in, detail page.
4) koha qa test tool
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Owen Leonard <oleonard@myacpl.org>
I tested successfully by temporarily removing the modification made by
Bug 16210.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit b679cac96409b7248f8e224e10c73dafa4c82890) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit a965702c08f84d8d770fb81e09f13bee8e922bba) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Alex Arnaud [Tue, 16 Feb 2016 15:33:17 +0000 (16:33 +0100)]
Bug 15832 - Fix filter and items split-up in pendingreserves.tt
Test plan:
- Go to circ/pendingreserves.pl (Ensure that there are biblios with many
items on different branches),
- Check the libraries filter at the bottom of datatable. There should be
duplicates.
- Apply this patch and return to circ/pendingreserves.pl,
- check that libraries filter should not contain duplicate,
- check that the filter works.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 82be93af1ccbd3544646a6345ab51183a62d05cb) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 4f699275a76107f3a210a199dc9cadd5da2560f3) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Bug 15113: koha-rebuild-zebra should check USE_INDEXER_DAEMON and skip if enabled
This patch changes the behaviour of the koha-rebuild-zebra script in the following way:
USE_INDEXER_DAEMON=no
- Keeps the current behaviour
USE_INDEXER_DAEMON=yes
- It skips incremental indexing to avoid races.
Caveats:
- A --force option is introduced for useing in a specific situtation that might need it
(i.e. the administrator knows what he's doing).
- If --full is passed, the reindexing is not skipped.
The documentation files and messages are adjusted accordingly.
This patch should help users that want to use the indexing daemon, in which case they wouldn't need
to change their default 5 min cronjob (it will be just skipped). Ultimately, koha-common could have
USE_INDEXER_DAEMON = yes by default, but that's subject for another bug report.
To test:
- Play with the different option switches and USE_INDEXER_DAEMON
- Things work as expected
- Sign off
Regards
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as expected
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Your Full Name <your_email>
(cherry picked from commit 997ad166c6ea53d47e3e15e7720d63da9f3b0a80) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 67dd96545bf8fdabdc98428438cbd92a5ae33c9f) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Julian Maurice [Thu, 7 Jan 2016 14:38:57 +0000 (15:38 +0100)]
Bug 14816: Fix multiple selection in item search
Send each selected value as a separate parameter. Otherwise DataTables
(or jQuery ?) joins all values with a comma
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
I could not reproduce the bug when selecting multiple home libraries,
but I could by selecting multiple item types or collection codes. The
patch allowed those queries to complete correctly.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 9aa8bf46f6b45ebcd342c09bd3a09ae55f3dd4a8) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 47ebb4ffb1869b52f1c011e3a6b236b85b0e51ab) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Nick Clemens [Fri, 26 Feb 2016 21:08:55 +0000 (21:08 +0000)]
Bug 15928 - Show unlinked guarantor
To test:
1 - Add guarantor data to patron account by typing it in but do not 'Set to patron'
2 - Note it is not displayed on patron details
3 - Apply patch
4 - Note the info is displayed
5 - Test that linked guarantors show as expected
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit bebb61739f4460295151a37d44cc1a2d6f956d26) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Julian Maurice [Thu, 14 Apr 2016 12:29:38 +0000 (14:29 +0200)]
Bug 15962: Block the currency deletion if used
A currency should not be deleted if used by a vendor or a basket.
Test plan:
1/ Add a new currency
2/ Create a vendor using this currency
3/ Create a basket using this currency
4/ Try to delete the currency
5/ Delete the basket
6/ Try to delete the currency
7/ Delete the vendor
8/ Delete the currency
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit c20496aea938e1faaa53daff5e2cf3d697b0eac9) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Marc Véron [Wed, 23 Mar 2016 07:11:49 +0000 (08:11 +0100)]
Bug 16133: Translatability of database administrator account warning
This patch removes sentence splitting of the database administrator warning with
a button styled link.
Additionally, it uses the same wording as in the warning on the 'About' page.
To test:
- Apply patch
- Log in to Staff client as database administration user
- Verify that the wording of the warning is the same as on the About page (Tab
'System information')
- Verify that the link to the patron administration page is styled as a button
and behaves correctly
NOTE: Actually, the category is irrelevant. But I like the improved message.
Categories may or may not be set up at the initial log in.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit e53b80dedf91617f9eecb9defd2d6f5222f03d65) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit c6a049167f9f1b4d4df81520900b23d2b9e0ea46)
Owen Leonard [Thu, 17 Mar 2016 13:08:39 +0000 (09:08 -0400)]
Bug 16047 [Follow-up] Software error on deleting a group with no category code
This follow-up take the original patch a little further, making category
name required on the entry form as well. Without a category name there
is no label in the interface when selecting a category. That doens't
make any sense.
Also changed on the group entry form:
- Added "required" attribute to labels on required fields.
- Changed "Update" submit button label to "Submit."
- Added a "Cancel" link.
- Added the "validated" class to the form so that our built-in
validation script will process it (not strictly necessary but makes
the validation appearance more consistent).
Followed test plan, form displays and behaves as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit df127ebad814ad1710b161b85a69d408de95de85) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit c514e1fee2890660caa36c1dae62bcfbc6f72fc3) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Aleisha [Thu, 10 Mar 2016 21:49:57 +0000 (21:49 +0000)]
Bug 16047: Making category code a required field on creating a group
This will prevent users from creating a group without a category code,
which causes a software error when you try to delete it
To test:
1) Go to Admin -> Libraries and groups
2) Create new group without category code
3) Attempt to delete the group you just created and notice software
error
4) Apply patch
5) Create new group without category code
6) Notice you now cannot save the group without putting in a category
code
Sponsored-by: Catalyst IT Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 577aa86eb96160088c70008bfe85ae2c0820f547) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 730cfb59258841572d19ffd9eedf36571edc100a) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Aleisha [Sun, 13 Mar 2016 23:40:53 +0000 (23:40 +0000)]
Bug 16029: Hide patron toolbar if patron does not exist
To test:
1) Create a patron, take note of the borrower number
2) Delete the patron
3) Navigate to the page of the patron you just deleted by typing the url (ie /cgi-bin/koha/members/moremember.pl?borrowernumber=X)
4) Confirm that the patron toolbar is not showing on the page
5) The message now has a link that says 'Find another patron?'. Click this link and confirm you are taken to the member home pgae.
Sponsored-by: Catalyst IT
Followed test plan, works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 1870141874667d854f9b5508c563169baefb2328) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit e0ad205512af9dba2a9d5cad70bf6fdffecc6e17) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Owen Leonard [Fri, 18 Mar 2016 13:41:15 +0000 (09:41 -0400)]
Bug 15984 - Correct templates which use the phrase "issuing rules"
This patch corrects two places in the templates where the phrase
"issuing rules" is used instead of "circulation and fine rules."
To test, apply the patch and view the help pages for Administration ->
Circulation and fine rules; and Tools -> Automatic item modification by
age. Confirm that the term "circulation and fine rules" is used instead
of "issuing rules."
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 98a9e30f040661e0a67a594f72abd8ab02cf9ad6) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 1c1d9558eb6df6f44e96d204e8e6683e3ae04491) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Fri, 12 Feb 2016 11:49:28 +0000 (11:49 +0000)]
Bug 14076: Do not use CGI->param in list context - opac-authorities-home.pl
See bug 15809 for more info on why we should not use CGI->param in list
context.
Note: I have not found any places where several values for the same
params are passed to this script but, just in case, this patch won't
change this ability.
Test plan:
Do an authority search at the OPAC
Test with several values of the form.
Confirm that the results are always the same before and after this
patch.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 3fa2b10150a9ea2db2897be1246cba3785c55e55) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 182838a54498b4a00a4077779458cf005f5ec444) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Fri, 12 Feb 2016 11:32:02 +0000 (11:32 +0000)]
Bug 15809: Redefine multi_param is CGI < 4.08 is used
On debian Jessie, the CGI version is >= 4.08
Since this version, the param method raise a warning
"CGI::param called in list context".
Indeed, it can cause vulnerability if called in list context
There is a long journey to get rid of these warnings.
First I suggest to redefine the multi_param method when the CGI version
installed is < 4.08, it will allow us to move the wrong ->param calls to
->multi_param without waiting for everybody to upgrade.
The different ways to call these 2 methods are:
my $foo = $cgi->param('foo'); # OK
my @foo = $cgi->param('foo'); # NOK, will raise the warning
my @foo = $cgi->multi_param('foo'); #OK
$template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning
# and vulnerable
$template->param( foo => scalar $cgi->param('foo') ); # OK
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested a call to multi_param with CGI < 4.08.
With reference to the comments on Bugzilla, this workaround is arguable,
but provides a base to move to multi_param. If we come up with a better
solution, it should be easy to adjust.
Mason James [Fri, 1 Apr 2016 02:56:34 +0000 (15:56 +1300)]
Bug 16184 - Report bor_issues_top shows incorrect number of rows
TEST PLAN
---------
1) Have at least 6 patrons with checkouts and some checkins.
2) Reports -> Patrons with the most checkouts
3) Click 'Submit' (default is 5)
-- more than 5 entries listed.
4) Apply patch
5) Refresh page
-- only 5 entries listed.
6) Run koha qa test tools
NOTE: While this works, I'd be much happier with a refactor
as it would also speed up the report. See comment #5.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 2c68980467009a9d19116440d4f28356707e9e7c) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit bd4659d09f92135a7956496c44af555b5938c8c3) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Nick Clemens [Tue, 23 Feb 2016 20:41:57 +0000 (20:41 +0000)]
Bug 15888 - Syndetics Reviews preference should not enable LibraryThing reviews
To test:
1 - Enable Syndetics Reviews without a LibraryThing ID
2 - Check page source and note you have a stanza for LTFL tabbed reveiws
3 - Apply patch
4 - Reload page and note LTFL tabbed reviews are not present
5 - Enter a LibraryThing ID and not the tab is restored.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 541a03cf6daace451f78e614b8019382dcd52acc) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 9a7c37473042cbc0c533ea12e95273b7471d22a3) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Aleisha [Sun, 20 Mar 2016 23:24:18 +0000 (23:24 +0000)]
Bug 15866: Add confirm message for deleting rotating collection from toolbar
To test:
1) Go to Tools -> Rotating Collections
2) Click on any rotating collection ('Add or remove items' from drop down menu)
3) Click 'Delete' from toolbar. Validate you are now asked to confirm your deletion. Check that cancel works, then check that confirm works.
Sponsored-by: Catalyst IT Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
I've added the word 'rotating' before collection, to make
it clear for translators what is meant here.
Alex Arnaud [Wed, 17 Feb 2016 11:27:14 +0000 (12:27 +0100)]
Bug 15838 - Subscription duplicating: Reset fields from SubscriptionDuplicateDroppedInput syspef by getting them using name instead of id
How I tested:
Verified bug with start and end date (were not cleared without patch).
After applying the patch all fields defined in SubscriptionDuplicateDroppedInput
were cleared as expected.
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 873a49f13b79bf1f5f7163f217cfc3a317ce602f) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 702002129787ceb2cdae61f6dc2352dff1afa84d) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Tue, 8 Mar 2016 14:09:09 +0000 (14:09 +0000)]
Bug 15722: Escape patron infos for JSON in patron searches
If patron infos contain invalid JSON chars (\t for instance), the
results won't appear.
The solution is to escape these info.
Test plan:
Edit patron infos in DB (update borrowers set surname="foobar\t" where
borrowernumber=42)
Search for foobar (you should have more than 1 result)
Without this patch, DT retrieves a bad formatted JSON and the results
won't appear.
With this patch, the table result appears
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit cd20b61a7c845110e518e6dedc12ac50efebe4aa) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit eba74c8e51a52432362150c38d674f661a6228e8) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Tue, 9 Feb 2016 17:02:05 +0000 (17:02 +0000)]
Bug 15773: Fix and standardise checkboxes code in framework
When creating a new subfield for an authority framework, the checkboxes
don't behave as they should.
If you click on the 'repeatable', 'mandatory' or 'is url' checkbox's
label, the checkbox from the second tab will be checked/unchecked.
This is caused by a non-unique id of the input element.
I have found this bug when working on the removal of CGI::checkbox in
both admin/auth_subfields_structure.pl and
admin/marc_subfields_structure.pl scripts.
This patch remove the use of CGI::checkbox as well as the generation of
html code from these 2 pl scripts (which should be avoided).
The code these scripts are now pretty similar.
Test plan:
Add/modify/remove subfield for a MARC framework and an Authority
framework.
Use as many field as possible and confirm that the values are correctly
inserted/displayed.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 39597b86ae299a9b4c0c1e8221f51f9e8dd300ed) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 60e601bf5f485a46b36bf14d2145adf9c25fe098) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
David Cook [Fri, 5 Feb 2016 05:09:45 +0000 (16:09 +1100)]
Bug 15745: C4::Matcher gets CCL parsing error if term contains ? (question mark)
Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>
Also fixes ! and +
Rebased to master Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
It makes perfect sense and works as expected. This part of the code is too
under-tested so no point requiring a regression test for such a simple change.
Jonathan Druart [Wed, 30 Mar 2016 10:30:01 +0000 (11:30 +0100)]
Bug 15323: Use fixtures for the active currency
prove t/Prices.t
fails after bug 15084 has been pushed
It's caused by
commit 1538e9ecf47642c4974693ff499c3e95e4d71977
Bug 15084: Replace C4::Budgets::GetCurrencies with
Koha::Acquisition::Currencies->search
Koha::Number::Price->_format_params calls
Koha::Acquisition::Currencies->get_active, which requests the DB.
The currency data should be mocked.
Test plan:
sudo service mysql stop
prove t/Prices.t
should return green
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Patch works as expected and passes the qa-tools tests.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 0a14e22d59343475ed6970b82b474a80e43d8e29) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit c4c7ea475b813d97595a6114ef2e31028ec6efe5) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Mason James [Tue, 1 Mar 2016 03:26:06 +0000 (16:26 +1300)]
Bug 14441 - TrackClicks cuts off/breaks URLs
to test...
1/ set TrackClicks syspref to 'track'
2/ add a problematic multipart url to an item's 'url' field
example url: http://foo.corg?key1=val1&key2=val2
3/ test url in opac-detail.pl - url is corrupt
4/ apply patch - url is corrct
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Only fixes the item URLs - a follow-up for the URLs
in the bibliographic record (856 for MARC21) is still
needed.
Without this patch, the tests will hang
With the patch applied, they won't!
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 8255a18edc9c2eee52b01bfa20114b088b9bf555) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 5808b3de5b40bf964813b0c3509f7f7cd0429422) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Marc Véron [Wed, 10 Feb 2016 16:21:40 +0000 (17:21 +0100)]
Bug 11498 - Prevent bypassing sco timeout with print dialog
This patch prevents bypassing the self check timeout with the print dialog.
To test:
- Set syspref 'WebVasedSelfCheck' to 'Enable'
- Set syspref 'SelfCheckoutReceivePrompt' to 'Show'
- Set syspref 'SelfCheckTimeout' to 20 seconds
- Apply patch
- Go to SCO page (/cgi-bin/koha/sco/sco-main.pl)
- Enter card number
- Click 'Finish'. Dialog "Would you like to pritn a receipt?' appears.
- Confirm printing without waiting 20 seconds
=> Result: Print slip, SCO page shows 'Please enter your card number'
- Enter card number again
- Click 'Finish'. Dialog "Would you like to pritn a receipt?' appears.
- Wait > 20 seconds (value of SelfCheckTimeout) and then confirm.
=> Result: Message appears "Timeout while waiting for print confirmation"
- Click on OK.
=> Result: Self checkout page refreshes (shows 'Please enter your card number')
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
https://bugs.koha-community.org/show_bug.cgi?id=11497
Jonathan Druart [Thu, 3 Mar 2016 08:58:06 +0000 (08:58 +0000)]
Bug 15967: Fix regression from bug 14133 - notify the library if patron is not
Regression introduced by bug 14133, see but 14133 comment 13.
Test plan:
Without this patch applied, if a patron cannot be notified (no email
address or sms number), the print notice generated for the library was
not.
With this patch applied, the print notice should be generated using the
print template
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit faaa2cbcdb1970866be4f8a7001bf2de305823a9) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 8664af5e20716d1a849b1deb26e48927b4921c5a) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
John Seymour [Thu, 11 Feb 2016 03:38:15 +0000 (22:38 -0500)]
Bug 14633: Patch to control.ini to add or dependency to libapache2-mpm-itk
The other attachment was not a patch which could be applied by
'git bz'. This corrects that.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
debian/update-control will need to be run after this is applied, but
it works well Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit aa66debec6fcdbdadd643386749a61229167aa62) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 50c84aa4ce4614655a0fdc5c75a0e98694b4fa9c) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Mon, 21 Mar 2016 15:49:25 +0000 (15:49 +0000)]
Bug 16040: Update fnReloadAjax DT plugin to fix quotes deletion
When deleting quotes, the table is not regenerated and a JS error is
raised.
That is because we are not using an up-to-date plugin
Test plan:
Delete a quote and confirm you do not get a JS error
Works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 908a751e2cadcda0ceafa2efdd2cf0104a323467) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 9478a0bf1eb43e0b82fb7c8ea84a4b503b9f81ce) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Marcel de Rooy [Mon, 1 Feb 2016 12:48:06 +0000 (13:48 +0100)]
Bug 15713: Restart zebra when rotating logfiles
Somehow, it may happen that Zebra keeps writing to the old rotated logfile
with extension .log.1. I must add that although I saw that happen (a new
log was created and was empty, while Zebra kept writing to log.1 for weeks),
I cannot reproduce it every time.
By stopping the zebra server in prerotate and starting it again in
postrotate, this should not happen at all. In practice, this implies that
your Zebra server is restarted once a week.
Note: The existing sharedscripts directive makes sure that these actions
are not executed for all individual logfiles but once for all matching
logfiles (even when running multiple instances).
Test plan:
[1] Apply the change in koha-common.logrotate to the file
/etc/logrotate.d/koha-common.
[2] Run logrotate -f /etc/logrotate.conf (forcing a logrotate).
[3] Check in zebra-error.log that your zebra server was stopped
('killed by signal 15').
[4] Verify that your Zebra server runs (read: has been restarted).
(Do a search..)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit af47f00636848e1115b08652abcaec6b789bf672) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit ddd1bbebeadc3bed0fd592bc04621a0dc3fb08c6) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Marc Véron [Thu, 24 Mar 2016 10:59:27 +0000 (11:59 +0100)]
Bug 14614: Multiple URLs (856) in cart/list email are broken
To reproduce:
- Add multiple subfields 856 u to a bilbio
- Add this biblio to a cart and send it as mail
(from Staff client and from OPAC)
Result: Links in mail body are broken
To test
- Apply patch
- Send carts again (from Staff client and from OPAC)
- Result: In mail body, links display separated with blank-pipe-blank
like http://bla.com | http://blabla.com | http://blablabla.com
- Change one of the 856 u to not to be a link, e.g. äöü
- Send carts again
- Verify that in mail body äöü correctly display as text.
(Amended to make it work for OPAC as well, MV)
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit d135499d2893fe1000c627f433395989d7d9e022) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit bd6e5a4c32496c94b0f90010fdc6b8dc047ea64f) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Thu, 17 Sep 2015 07:40:19 +0000 (08:40 +0100)]
Bug 14841: Fine column is not manage by columns settings
Bug 9481 added the "Fine" columns to the checkouts table and bug 13492
added the columns settings to these table.
They overlapped each others in the bugs queue.
Test plan:
Confirm that you are able to hide/show the "Fine" columns on both
checkouts table.
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit f94afd5e6c5bbc6669cf74177aad0da9f492a3d1) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Thu, 17 Sep 2015 07:34:28 +0000 (08:34 +0100)]
Bug 14841: Columns settings are not taken into account for checkout table / moremember
There is a typo member vs members in the template when retrieving the
existing settings.
So that all columns are displayed, even the ones which are hidden
(sort_order, due_date_unformatted, etc.)
Test plan:
0/ Does not apply this patch
1/ Go on the columns config page and check some fields not to display by
default for Patrons > moremember > issues-table
2/ Go on the patron detail page (with checkouts), click on the "show/hide
columns" button (top right of the table).
Confirm that the config is not taken into account and that it's ugly
(hidden columns are displayed)
3/ Apply this patch
4/ Everything should be fine now :)
Signed-off-by: Joonas Kylmälä <j.kylmala@gmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 8b7e1f45832e3b8d079612d973916310766aa93a) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Wed, 6 Jan 2016 13:10:00 +0000 (13:10 +0000)]
Bug 15119: Hide search header text boxes on render
When the page rendering is slow or the page is heavy, the tabs in the
header shown be not correctly displayed as tabs.
This patch suggests to hide them, display the first one, and wait for
the JS code to display them nicely.
To easily reproduced the ergonomic issue, go on the circulation home
page (/cgi-bin/koha/circ/circulation.pl) and search for a patron 'a' or
'd', you will get a lot of result and the page will be slow to be fully
displayed.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 70eedf2217e1bfde1c56bc77c8dd0dc039124f47) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 0d018647849724bacc40be7360e56a29c1a7fb53) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Zeno Tajoli [Tue, 1 Mar 2016 10:44:42 +0000 (11:44 +0100)]
Bug 15946 Valid namespace for OAI marcxml schema (3.22/3.20)
As the patch for master, this patch apply on 3.22 (and 3.20 probably).
This path fixes the value of xml schema variable and the link to Library
of Congress. For Dublin Core format those values are defined in
UNIMARCslim2OAIDC.xsl and MARC21slim2OAIDC.xsl. For MARCXML those
values are written into the code
To test it:
1) Setup OAI-PMH
2) Test the site inserting the BaseURL into http://validator.oaipmh.com
3) See the problem with ListMetadataFormats [link:
http://validator.oaipmh.com/#ListMetadataFormats] 4) Insert the patch
5) See the problem is over
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Invalid before patch, valid after.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
(cherry picked from commit 631b93204579bb2d85fc29af2500370449b07439) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Wed, 9 Mar 2016 11:28:04 +0000 (11:28 +0000)]
Bug 16013: Make classification sources deletable
Because of a wrong variable scope, the classification sources are not
deletable.
Test plan:
Create a classification sources (admin/classsources.pl)
Try to delete it
Without this patch, the classification source won't be deleted
With this patch, it will work!
Signed-off-by: Srdjan <srdjan@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit f6463317db08b9a4218ad94a2d191a5f5216c8c5) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 145e4f7a1e104416da3fe5866ae537e68e4e9480) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Kyle M Hall [Mon, 7 Mar 2016 14:04:44 +0000 (14:04 +0000)]
Bug 15997 - Hold Ratios for ordered items doesn't count orders where AcqCreateItem is set to 'receiving'
Currently, the hold ratios script only counts on order items where the
record item is created at the time the order is placed, and not if the
item is created when the item is received.
Test Plan:
1) Set AcqCreateItem to recieving
2) Run the hold ratios report with "include ordered" checked
3) From aquisitions, order some additional items for the record
4) Re-run the hold ratios report, not there is no change in the ratio
for that record
5) Apply this patch
6) Re-run the hold ratios reporat again, the ratio should now have
changed
Signed-off-by: Srdjan <srdjan@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 7e1ccbd6069658540dd352f63ade3ef7b19de282) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 26f05afd0b66b4903e6c41a3e21150c34d024b2c) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Fri, 18 Mar 2016 08:34:22 +0000 (08:34 +0000)]
Bug 16095: Remove target="_blank" when a link refer to an external link
If you click on a link that opens a new tab/window to another site, that tab
has access to the original window through JavaScript. The browsing context is
related, even if the domains are totally different.
The tab retains access to the original window's object via window.opener, even
if you navigate to another page or domain, in the new or original window.
Access to the Window object means the new window can use Window.location to
open a different URL in the original window, perfect for phishing attacks.
Depending on the site's Same-Origin Policy settings, the new window may have
access to other parts of the original window's DOM as well.
Any 'A HREF' that contains a target of of '_blank' or '_new' or a fixed name
is vulnerable. Previous security best practice often suggested creating a random
fixed name for an unpredictable namespace - that won't help with this problem!
Targets of '_self' and '_parent' are safe.
We do not use _new (at first glance) but several _blank. Some are used
to refer internal url, we do not need to update or remove them. Others
are used to satisfy OPACURLOpenInNewWindow, in these case, we should add
the rel="noreferrer" attribute to the a tags.
In other cases, we can simply remove them and let the users discover
that a mouse has more than one button (we are in 2016, they can do it!)
Signed-off-by: Chris <chrisc@catalyst.net.nz> Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 6c1b39b4cbceb1a414a91865e15612385c2eb5b7) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit bf55fbd4d42058487f1fef30f7dbfc24e6f8bad3) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Jonathan Druart [Wed, 17 Feb 2016 16:21:50 +0000 (16:21 +0000)]
Bug 15840: Catch errors if userid already exists when importing patrons
Import borrowers tool explodes if userid already exists. This error
should be caught to avoid the script to explodes.
TEST PLAN
---------
1) back up DB
2) drop DB, create empty DB
3) Apply patch 15842
4) web install all the sample data
5) login as system user and import patron data
-- sample provided to trigger error.
-- you will get a DBIx::class exception
"Duplicate entry ' for key 'userid'"
6) Apply this patch
7) Repeat steps 2-5
-- patrons won't be inserted but an error
will be nicely displayed in the error list.
8) run koha qa test tools
Note that it would be easy to insert the patrons anyway and generate a
userid based on the surname and firstname.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit f1e156453a1bc636914bc5c969e1665d7108cb95) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 8d0a57f5241a911d7e95a24ddb01acd824451c99) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Zeno Tajoli [Wed, 2 Mar 2016 12:01:22 +0000 (13:01 +0100)]
Bug 15955: Tuning function 'New child record' for Unimarc 205$a -> 461$e
Now the sYstem tries to insert value of 205$a into 461$a when a child is
created from the father record. In UNIMARC 46x tags there is not
present a subfield for ediction value (205$a in UNIMARC).
To Test:
1) Check to have EasyAnalyticalRecords on 'off'
2) Check to use UNIMARC
3) Create a record with data in 200$a (title), 205$a (ediction), 700
(author) 215$a(Place), 215$d(date)
4) From those record create a child using 'New'->'New child record'
5) See the values in 461 tag: You can see that in 461$a there is the
value of 205$a from father This is wrong, you need to have the value
of 700 $a and $b from father record, and 205$a in 461$e.
6) Appy the patch
7) Redo 4-5
8) Now 461 is good
Signed-off-by: Frédéric Demians <f.demians@tamil.fr> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I have not checked the doc but trusting author and signoffer.
Owen Leonard [Wed, 9 Mar 2016 19:49:40 +0000 (14:49 -0500)]
Bug 16033 - Quotes upload preview broken for 973 days
A missing snippet of DataTable configuration means that when you upload
a CSV of quotes to the Quotes of the Day feature the table previewing
your import is not visible. This patch corrects it.
To test, apply the patch and go to Tools -> Quote editor -> Import
quotes.
- Upload a CSV file containing data in two columns, "source","text"
- When your upload completes you should see a DataTable previewing the
data from your CSV.
- Check that deletion of individual quotes works from the preview.
- Check that quotes are correctly imported.
- Ponder the long 2.66 years during which this page was broken.
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Quote of the day: Serenity of mind comes with patience.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 54214c4016d3d20da44047df41034fd752c50591) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 618bb26c212511dd8e94822aaabc80729d788527) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Owen Leonard [Fri, 4 Mar 2016 17:07:44 +0000 (12:07 -0500)]
Bug 15982 - Serials numbering patterns can be deleted without warning
A JavaScript alert should ask the user to confirm deletion of a serial
numbering pattern. This patch adds this to the template.
To test, apply the patch and go to Serials -> Manage numbering patterns.
- In the list of patterns, click any "Delete" link.
- Verify that a JavaScript alert is triggered.
- Test that cancelling the alert cancels the deletion operation.
- Test that confirming the alert allows the deletion to complete.
Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 6179f04c8afcbc965756cf7daea039be986727d7) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit ee5780d4b7e3c83ad81610da259029cbe8c4ebde) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Owen Leonard [Fri, 4 Mar 2016 16:52:25 +0000 (11:52 -0500)]
Bug 15981 - Serials frequencies can be deleted without warning
A JavaScript alert should ask the user to confirm deletion of a serial
frequency. This patch adds this to the template.
To test, apply the patch and go to Serials -> Manage frequencies
- In the list of frequencies, click any "Delete" link.
- Verify that a JavaScript alert is triggered.
- Test that cancelling the alert cancels the deletion operation.
- Test that confirming the alert allows the deletion to complete.
Signed-off-by: Nicole C Engard <nengard@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 4e82b8db94ee24ebd49541c25a6dac55cb8d543c) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 5d429ae9a797bb80ddf7482ef03b108456c9318a) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Nick Clemens [Tue, 2 Feb 2016 14:31:34 +0000 (14:31 +0000)]
Bug 15697 - [QA Followup] Apply change to NORMARC
This patch switches from UNLESS MARC21 to IF UNIMARC - this way changes
apply to MARC21 and NORMARC and UNIMARC remains unaffected
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 566daf8c24ad577da1b07c190979ada67877bed7) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 70efd64b4727adb58a5b6f54334cb622fb9d0b8f) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Nick Clemens [Thu, 28 Jan 2016 20:33:58 +0000 (20:33 +0000)]
Bug 15697: Unnecessary comma between title and subtitle on opac-detail.pl
To test:
1 - Go to Administration->Keyword to MARC mapping
2 - Add a mapping (or ensure it exists)
Field name: subtitle
MARC field: 245
MARC subfield: b
3 - View a record with a subtitle in the opac
4 - Note in MARC 21 you have "Title of record:, subtitle of record"
5 - Apply patch
6 - View the record again and note the comma is no longer present.
Note: this patch removes the comma only for MARC21 where subtitle is not
repeatable. UNIMARC seems to be repeatable and does not include
punctuation so I believe this may be needed there.
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as described. Comma removed from title of the window and breadcrumb
section
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e19db8ca32dd776263b73474ece4e17d88ab17b4) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 889a2f7a6c96e8b4d597b60464b6110098da7518) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Owen Leonard [Mon, 29 Feb 2016 18:39:16 +0000 (13:39 -0500)]
Bug 15940 - Remove unused JavaScript from authorities MARC subfield structure
The authorities MARC subfield structure template contains some unused
JavaScript, "function displayMoreConstraint()" This patch removes it.
To test, apply the patch and go to Administration -> Authority types ->
MARC structure -> Subfields -> Edit subfields and confirm that there are
no JavaScript errors and tab switching works correctly.
A search of the source code should show no instances of
"displayMoreConstraint."
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
No regression, no JS warning.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 3f70b4660bf57e854e6ef13b04fb29de57c53bec) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 3c9ed309ba2e308800e9c596c3c28d4a911813d2) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Owen Leonard [Tue, 23 Feb 2016 14:16:13 +0000 (09:16 -0500)]
Bug 15884 - Vendor contract deletion warning is incorrectly styled
When deleting a contract in Acquisitions -> Vendor -> Contracts, the
deletion confirmation message is not styled with the standard "dialog
alert" <div>. This patch modifies the confirmation markup to match the
standard.
To test, apply the patch and go to Acquisitions -> [ a vendor] ->
Contracts
- Try deleting a contract. The confirmation box should have the standard
"dialog alert" class.
- Test the 'confirm' and 'cancel' actions and make sure both complete
correctly.
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit a4f1103e416357dc0635f4d5347d50ff68457459) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Marc Véron [Fri, 12 Feb 2016 09:19:00 +0000 (10:19 +0100)]
Bug 15808 - Remove "Return to where you were before" from sysprefs
This patch removes the link 'return to where you were before' from
syspref search result page after failing search.
To test:
- Apply patch
- Go to System preferences in staff client, do a search
with something that does not exist
- Verify that a message pops up that does not contain the link.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 34b79932f79f83fbca528083cacbb61f157c05cb) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
(cherry picked from commit 4cbc77e639f3b3dde46067711a1c8d59d6384213) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>