Kyle M Hall [Mon, 23 May 2016 14:05:58 +0000 (14:05 +0000)]
Bug 16568 - Talking Tech generates phone notifications for all overdue actions
Regardless of whether the phone transport has been selected for a given
overdue action or not, the Talking Tech outbound script generates and
sends a line for that action.
Test Plan:
1) Enable Talking Tech
2) Create one or more overdue actions without a phone transport selected
and one or more with the phone transport selected
3) Generate the overdues csv file to send to Itive
4) Note the csv file has lines for actions that do not have the phone
transport selected
5) Apply this patch
6) Repeat step 3
7) Note the csv file now only has lines for actions that have the phone
transport selected
Signed-off-by: Jonathan Field <jonathan.field@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Thu, 18 May 2017 19:40:42 +0000 (16:40 -0300)]
Bug 18376: Do not need to prepare a single statement, use do
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 285dd883564eaf96737b2be153bbe6d30e1b64f7) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Bug 18376 - authority framework creation fails under Plack
With plack, when creating a new authority framework from another, you get the error :
Can't call method "prepare" on an undefined value at (...)/src/admin/auth_tag_structure.pl line 267.
Looks like plack does not like when the var $dbh from the script is called inside a sub.
This patch adds a local var $dbh inside sub duplicate_auth_framework(), like in sub StringSearch().
Also correctes a redefine of my $sth.
Test plan:
- Go to Administration > Authority types
- Create a new type
- On this new type click on Actions > MARC Structure
- Select another type and click OK
=> You must get a table filled with the tag structure
Check with and without plack
You may not be able to reproduce the error with plack.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6a82ff4b8907f17fb17af3201ab6e96320a995bf) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Marcel de Rooy [Thu, 16 Jun 2016 08:38:54 +0000 (10:38 +0200)]
Bug 16749: Adjustments for koha-translate
[AMENDED February 10, 2017]
[1] Added reading /etc/default/koha-common as in the other debian scripts.
We need it for KOHA_HOME.
[2] Add a -d|--dev parameter for dev installs.
[3] No hardcoded PERL5LIB or KOHA_INSTALL_DIR (KOHA_HOME).
They are read from default file or set by adjust_paths_dev_install.
[4] Adjust template paths for dev installs: OPAC_TMPL, INTRANET_TMPL.
[5] Remove references to obsolete themes ccsr and prog.
Test plan:
[1] Regular package install:
Copy koha-translate to /usr/sbin.
Run koha-translate -l to show installed languages.
Run koha-translate -l -a to show available languages.
Add a language: koha-translate -i nl-NL.
Check template folders in regular location (/usr/share/koha/...)
Remove a language: koha-translate -r nl-NL. Check again.
[2] Dev install or kohadevbox:
Copy koha-translate to /usr/sbin.
If needed, add the <dev_install> line to koha-conf.xml.
Run koha-translate -l -d yourinstance to show installed languages.
(Note: You only see the languages installed in this instance.)
Add a language: koha-translate -i nl-NL -d yourinstance.
Check template folders in the clone.
Remove a language: koha-translate -r nl-NL -d yourinstance.
Note: Make sure you have sufficient file permissions for the kohaclone
files and koha-conf.xml. On kohadevbox you might need to run sudo
koha-translate within the the vagrant user context.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested on Jessie (Debian VM and Kohadevbox)
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Tested in a package installation of master+16749
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Marcel de Rooy [Fri, 10 Feb 2017 09:33:57 +0000 (10:33 +0100)]
Bug 16749: Adjustments for koha-plack
[1] Use run_safe_xmlstarlet for plack workers and requests
[2] Simplify adjust_paths. The lazy export statement is actually enough to
replace adjust_paths by one direct call to adjust_paths_dev_install.
Test plan:
[1] Copy koha-functions.sh and koha-plack:
cp [YOUR_PATH]/debian/scripts/koha-functions.sh /usr/share/koha/bin/
cp [YOUR_PATH]/debian/scripts/koha-plack /usr/sbin/
where YOUR_PATH might well be /home/vagrant/kohaclone.
[2] Make sure that you have dev_install in koha-conf.
Stop and start koha-plack. Verify with ps aux|grep plack.
[3] Rename dev_install to nodev_install (in start and end tag).
Now stop/start koha-plack. Verify with ps aux|grep plack.
[4] Change plack_requests to 51 in your koha-conf.
Restart Plack and check that you see 51 in ps aux|grep plack.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested on Jessie (Debian VM and Kohadevbox)
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Tested in a package installation of master+16749
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
In the meantime api was enabled in plack.psgi and needs a little tweak
too for a dev install.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Conflicts:
debian/templates/plack.psgi
Marcel de Rooy [Wed, 15 Jun 2016 12:08:28 +0000 (14:08 +0200)]
Bug 16733: Adjust other debian scripts using PERL5LIB
This patch makes the following changes:
koha-foreach, koha-upgrade-schema (shell scripts):
[1] Read default file
[2] Include helper functions
[3] Add call to adjust_paths_dev_install
[4] Replace hardcoded path by $PERL5LIB
koha-shell (perl script):
[1] Remove hardcoded lib path
[2] Add a sub that reads PERL5LIB from default or koha-conf, just as the
shell scripts do.
koha-plack (shell script), plack.psgi:
[1] Add call to adjust_paths_dev_install
[2] Remove hardcoded lib path
[3] Add installer path to PERL5LIB, remove it from plack.pgsi
koha-sitemap (shell script):
[1] Add call to adjust_paths_dev_install
[2] Remove hardcoded lib path
[3] Add installer path to PERL5LIB
[4] Adjust path for call to sitemap cron job
koha-start-sip (shell script):
[1] Read default file
[2] Include helper functions
[3] Add call to adjust_paths_dev_install
[4] Adjust path to C4/SIP
koha-stop-sip (shell script):
[1] Remove KOHA_CONF and PERL5LIB (not needed to stop the daemon)
[2] Same for paths in daemon client options
NOTE: Script debian/scripts/koha-upgrade-to-3.4 has been left out
intentionally.
Test plan:
[1] Regular install:
Run koha-foreach echo Hi
Run koha-upgrade-schema yourinstance
Run koha-shell yourinstance
If you have plack, run koha-plack --start|--stop yourinstance
Run koha-sitemap --generate yourinstance
Run koha-start-sip yourinstance
Run koha-stop-sip yourinstance
[2] Dev install [yourinstance] with <dev_install> in koha-conf.xml:
Run koha-upgrade-schema yourinstance
Run koha-shell yourinstance
If you have plack: koha-plack --start|--stop yourinstance
Run koha-sitemap --generate yourinstance
Run koha-start-sip yourinstance
Run koha-stop-sip yourinstance
[3] Git grep on koha/lib
You should no longer see occurrences in debian/scripts except:
koha-translate: see report 16749
koha-upgrade-to-3.4: left out intentionally
[4] Git grep on koha/bin
You should only see hits for lines with koha-functions in the
debian scripts except:
koha-upgrade-to-3.4: left out intentionally
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Most scripts tested on Wheezy (although it would not matter much).
Plack script tested on Jessie.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Marcel de Rooy [Wed, 15 Jun 2016 11:57:12 +0000 (13:57 +0200)]
Bug 16733: Adjust koha-rebuild-zebra
[1] Add a call to the new adjust_paths_dev_install
[2] Differentiate location of rebuild_zebra.pl
[3] Replace a hardcoded path by $PERL5LIB
Test plan:
Adjust a biblio record in package or dev install.
Run koha-rebuild-zebra -b -z for same instance.
Verify that the change has been indexed.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Marcel de Rooy [Wed, 15 Jun 2016 11:43:41 +0000 (13:43 +0200)]
Bug 16733: Adjust koha-indexer
[1] Add a call to the new adjust_paths_dev_install
[2] Differentiate location of rebuild_zebra.pl
NOTE: The scripts assume koha-functions.sh to be in /usr/share/koha/bin.
Finding a better location for this shell library may be hard.
Test plan:
Run koha-indexer for a regular package install or a dev install.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Mirko Tietgen [Sat, 12 Nov 2016 07:50:04 +0000 (08:50 +0100)]
Bug 17618: perl-modules Debian package name change
Newer versios of perl-modules have a version number in the package name.
This patch makes Koha aware of perl-modules-5.22 and perl-modules-5.24
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0c5905843dfc55e422c667f9d0aa6f243f56f1a8) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Owen Leonard [Sat, 29 Apr 2017 17:45:48 +0000 (17:45 +0000)]
Bug 17936 - Search bar not aligned on right in small screen sizes
This patch tweaks the OPAC's CSS so that the main search form's fields
have consistent width at small screen sizes.
To test, apply the patch and process the LESS files. View the OPAC main
page at a very narrow browser width and confirm that the text field
width matches that of the dropdown and button.
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Marcel de Rooy [Tue, 17 Jan 2017 15:49:40 +0000 (16:49 +0100)]
Bug 17925: Disable debugging in reports/bor_issues_top.pl
Remove setting $debug to 1. This prevents creation of file
tmp/bor_issues_top.debug.log.
Enable warnings pragma.
Resolve a uninitialized warning on $sep like:
Use of uninitialized value $CGI::Compile::ROOT::usr_share_koha_masterclone_reports_bor_issues_top_2epl::sep in string eq at /usr/share/koha/masterclone/reports/bor_issues_top.pl line 66.
Test plan:
Restart Plack (as you always do when testing).
Remove file /tmp/bor_issues_top.debug.log.
Open Reports/Patrons with the most checkouts.
Check if the file in /tmp has not been created again.
Check the log for warnings after you restarted Plack.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e739fecbc83ff0ee32f155ae7e74c4780a5201c2) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Nick Clemens [Thu, 27 Apr 2017 19:39:35 +0000 (15:39 -0400)]
Bug 18504 - Amount owed on fines tab should be formatted as price if <10 or credit
To test:
1 - Give a patron a fine of 1
2 - View opac fines tab, it shows as '1'
3 - Give patron a credit of '1'
4 - View opac fines tab, it shows as '1'
5 - Apply patch
6 - Both now show as '1.00'
Signed-off-by: Lisa Gugliotti <lisa@hchlibrary.org> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6da7ed1d8c17960e1e90b8f197fe948d4ed25bad) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Owen Leonard [Sat, 29 Apr 2017 18:45:30 +0000 (18:45 +0000)]
Bug 16515 - Did you mean? links don't wrap on smaller screens
This patch tweaks some CSS in the OPAC to give the "Did you mean" block
better layout on smaller screens.
To test, apply the patch and process LESS files. Enable "Did you mean"
plugins for the OPAC in Administration.
Perform a search in the OPAC and confirm that the "Did you mean" block
looks correct. Resize your browser to various widths and confirm that
the block handles all sizes well.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Amended to include items and deleteditems.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 69a24812eda9c10841d8f20ce4c689305703b6f0) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Jonathan Druart [Tue, 6 Sep 2016 09:12:20 +0000 (10:12 +0100)]
Bug 17257: Fix add/edit patrons under MySQL 5.7
If no guarantor is defined the patron won't be added/modified and an
error will be raised:
DBD::mysql::st execute failed: Incorrect integer value: '' for column
'guarantorid'
Test plan:
Using MySQL 5.7 (and/or sql_mode=STRICT_TRANS_TABLES)
Create a patron without guarantor
Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Tested with MariaDB 10.0.30 (sql_mode='STRICT_TRANS_TABLES') Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 720071004516ec4e119dc5ec7f9538b56313b186) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Bug 18444: Add TalkingTechItivaPhoneNotification to sysprefs.sql
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 3e1f21ae0ddcef1c351639e228410f8523f5efe4) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Jonathan Druart [Thu, 11 May 2017 15:37:24 +0000 (12:37 -0300)]
Bug 18370: Use splice instead of splice
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ec822b855244cacf36757e9028779ad9d270c370) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Jonathan Druart [Mon, 3 Apr 2017 14:50:07 +0000 (11:50 -0300)]
Bug 18370: Columns visibility on patron search - Hide the correct column
When a column is hidden by default on the patron search result table,
if the logged in user does not have the "tools > manage_patron_lists"
permission, the wrong column will be hidden.
Test plan:
Edit the column visibility detail for "Patrons > id=memberresultst"
Set "Fines" hidden by default
Search for patrons
=> Without this patch, if the logged in user does not have the
manage_patron_lists permission, the wrong column will be
hidden/displayed.
Signed-off-by: Séverine Queune <severine.queune@bulac.fr> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0a2b14dd16292572e5163e5dfa491432be1660d2) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Jonathan Druart [Mon, 27 Mar 2017 20:18:22 +0000 (17:18 -0300)]
Bug 18340: Fix progress bar length
The progress bar (for background jobs) should be fully filled when 100%
is hit, right? :)
It has been introduced quite long time ago when the size of the progress
bar has been changed from 150 to 200px, and the code has been
refactored.
Test plan:
Launch a big modification/deletion of records/items in a batch.
You should see the progress bar progressing to 100 and reach 100!
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e424bd0d84d4aa30ceae5e6cea0ee453413f0ef9) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
1) Go to Tools > Label creator
2) If you don't have a printer profile defined, create one.
3) Go to manage > Printer profiles
4) Click the 'edit' button on any of the profiles.
5) INTERNAL SERVER ERROR! "Can't use string ("fields") as a HASH ref
while "strict refs" in use at /usr/share/koha/lib/C4/Creators/Lib.pm
line 147"
6) Apply patch
7) Click the 'edit' button on any of the profiles.
8) Things work as expected
Bug reproduced, is fixed by this patch Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit af845c143a4f5a8fb1ea88cac3478ef91a1bdb9c) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Mark Tompsett [Tue, 21 Jun 2016 18:49:32 +0000 (14:49 -0400)]
Bug 4460: Amazon's AssociateID tag not used in links so referred revenue lost
Reworking based on output of:
git grep "gp\/reader"
Additionally, some changes might be in order though gp/reader works.
https://affiliate-program.amazon.com/help/topic/t64/a1
suggests using dp
A dp was discovered, so that part of the URL was left unchanged.
The "/ref..." part was changed to just an Amazon tag ("?tag={AAT}")
if defined.
TEST PLAN
---------
1) Added:
"100 years of Canadian foreign policy /
edited by Robert Bothwell and Jean Daudelin."
2) Added a second book with the word foreign in the title.
3) Waited for reindex
4) Checked out the Canadian foreign policy book.
5) Applied patch
6) Made sure that:
- AmazonAssocTag was set to TEST (easy to notice)
- AmazonCoverImages was set to 'Show'
- OPACAmazonCoverImages was set to 'Show'
7) Searched intranet for 'foreign' to find the detail page
-- hovering over picture shows URL with ?tag=TEST in it.
8) Went to the OPAC Detail page
9) Toggling OPACURLOpenInNewWindow, confirmed that URL for
the picture contained ?tag=TEST in it.
10) Logged into the OPAC
11) Confirmed the URL in the checked out list on your summary
page contained ?tag=TEST in it.
12) Confirmed the URL in the checked out list on your reading
history page contained ?tag=TEST in it.
13) Confirmed links worked (went to expected page)
14) run koha qa test tools
Followed test plan. Works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 463c5a0f25a1e2dfc3331319bd86f17b4114821e) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Jonathan Druart [Tue, 2 May 2017 22:12:49 +0000 (19:12 -0300)]
Bug 18525: (bug 14828 follow-up) FIX ordering from suggestion when item-level_itypes = biblio
When ordering from a suggestion with item-level_itypes = biblio the app
crashes with
Template process failed: undef error - The method selected is not
covered by tests! at /home/vagrant/kohaclone/C4/Templates.pm line 121.
C4::ItemTypes->all did not set a selected flag. The item type is only
display when ordering (and not modifying an order).
The flag is never set, the test can be removed.
Test plan: Confirm that the error is gone
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 9a3ad32e468f2a006a43577031f3aa50b83fb3d8) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Jonathan Druart [Mon, 8 May 2017 15:43:43 +0000 (12:43 -0300)]
Bug 16758: Use the default cache instance
I do not see a valid reason not to use the default one instead of the
syspref one.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit caa4cccfa09cdf5c9816634194000307ac508578) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Jacek Ablewicz [Wed, 14 Sep 2016 13:33:07 +0000 (15:33 +0200)]
Bug 16758 - Caching issues in scripts running in daemon mode
As L1 cache does not have expiration mechanism, scripts running
in daemon mode (rebuild_zebra.pl -daemon, sip server ?, ...) would
not be aware of any possible changes in the data being cached
in upstream L2 cache.
This patch adds ->flush_L1_caches() call in rebuild_zebra.pl
inside daemon mode loop.
To test:
1) apply patch
2) ensure that rebuild_zebra.pl -daemon is still working properly,
without any noticeable performance degradation
3) stop memcached daemon and try to run rebuild_zebra.pl -daemon
again: there should be a warning emitted stating that the script
is running in daemon mode but without recommended caching system
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 84dbc80074b5b1ada05b815cba810e4c5fb10dd2) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Martin Renvoize [Fri, 28 Apr 2017 07:48:50 +0000 (08:48 +0100)]
BUG 18505: opac-search-history does not respect opacPublic
The opac-search-history page was available regardless of the opacPublic setting, this
patch corrects that.
Test plan, set opacPublic to 'No', test whether opac-search-history page is available
when not logged in, note that it is.
Apply patch, test whether opac-search-history is still available when not logged in,
note that you should be redirected to the login page.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Bug 18233 - t/db_dependent/00-strict.t has non-existant resetversion.pl
Removes a warning.
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com>
Owen Leonard [Tue, 3 Jan 2017 15:08:32 +0000 (15:08 +0000)]
Bug 17812 - Return focus to barcode field after toggling on-site checkouts
This patch changes the behavior of the checkout form so that after
checking boxes in the "checkout settings" panel the cursor focus is
automatically moved to the barcode field.
To test, apply the patch and enable OnSiteCheckouts and
decreaseLoanHighHolds system preferences.
- Open any patron account in circulation.
- Expand the "Checkout settings" panel.
- Click the label or checkbox for "Automatic renewal", "Don't
decrease checkout length based on holds" and "On-site checkout"
- Confirm that the focus has moved to the barcode field.
Works as advertised. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Marjorie Barry-Vila <marjorie.barry-vila@ccsr.qc.ca> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Nick Clemens [Tue, 11 Apr 2017 15:22:13 +0000 (11:22 -0400)]
Bug 18415 - Advanced Editor - Rancor - return focus to editor after successful macro
After running a macro we should return focus to the editor screen so
editing can continue from keyboard
To test:
1 - Create a macro
007=vd cvaizq
2 - Run it and note focus is not on editor
3 - Apply patch
4 - Reload page
5 - Run macro
6 - Note focus is returned to editor
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Fridolin Somers [Mon, 27 Mar 2017 13:19:24 +0000 (15:19 +0200)]
Bug 17993 - Do not use modal authentication with CAS - tags bis
Bug 12046 corrected the fact that modal dialog does not allow to use the
CAS authentication in main authentication link. This must also be
corrected in link for tags in detail tags page: "Log in to see your own
saved tags."
Test plan :
- Enable syspref casAuthentication
- Go to OPAC, not authenticated
- Click on "Tag cloud"
- Click on "Log in to see your own saved tags"
=> Without patch you get the modal login popup
=> With patch you go to the login page opac-user.pl
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Fridolin Somers [Wed, 25 Jan 2017 13:47:02 +0000 (14:47 +0100)]
Bug 17993 - Do not use modal authentication with CAS - tags
Bug 12046 corrected the fact that modal dialog does not allow to use the CAS authentication in main authentication link.
This must also be corrected in link for tags in detail page : "Log in to add tags"
Test plan :
- Enable syspref casAuthentication
- Go to OPAC
- Go to a record detail page opac-detail.pl
- Click on "Log in to add tags"
=> Without patch you get the modal login popup
=> With patch you go to the login page opac-user.pl
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Fridolin Somers [Wed, 25 Jan 2017 13:19:16 +0000 (14:19 +0100)]
Bug 17993 - Do not use modal authentication with CAS - lists
Bug 12046 corrected the fact that modal dialog does not allow to use the CAS authentication in main authentication link.
This must also be corrected in link of lists popup : "Log in to create your own lists"
Test plan :
- Enable syspref casAuthentication
- Go to OPAC
- Click on Lists > Log in to create your own lists
=> Without patch you get the modal login popup
=> With patch you go to the login page opac-user.pl
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Marcel de Rooy [Mon, 1 May 2017 12:15:58 +0000 (14:15 +0200)]
Bug 7550: [QA Follow-up] Resolve param warning from sco-patron-image
Resolve this warning:
CGI::param called in list context from package C4::Service line 212, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 436.
It comes from the require_params call in sco-patron-image.pl.
The only candidate for multi_param seems to be 'servers', but as we can see
this variable is a scalar. Additional servers returned by require_params are
lost. This should be solved on its own report.
So, we can safely add scalar to the params call, resolve the warning and
keep the same behavior.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Jonathan Druart [Wed, 19 Apr 2017 17:09:12 +0000 (14:09 -0300)]
Bug 7550: SCO - Restrict access of patron's image
With this patch if SelfCheckoutByLogin is set to 'username and
password', only the logged in user will be able to see the image linked
to his/her logged in account.
If set to "barcode" we generate a token but it can be easily generated.
You should add a warning in the about page if
SelfCheckoutByLogin="barcode" and ShowPatronImageInWebBasedSelfCheck="Show".
How I tested:
- Go to SCO
- Log - Enable self checkout, go to [Your
Server]//cgi-bin/koha/sco/sco-main.pl
- Log in with a user 'A' who has a patron image
- Copy the address of the patron image into an other browser window
- Change the borrowernumber to on of an other user 'B' having a patron
image
- Verify that the patron image is NOT displayed
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com>
Stephane Delaune [Wed, 22 Feb 2017 11:25:33 +0000 (12:25 +0100)]
Bug 18152 : fix unimarc label in SetMarcUnicodeFlag
The standard UNIMARC requires than the 9th character (starting from 0) in
labels must be blank (while it may be 'a' in marc21)
the problem is that C4::Charset::SetMarcUnicodeFlag (called in particular when
we import a record) always add 'a' char in the 9th label'pos whereas it should
do it just for MARC21 and NORMARC (not for UNIMARC) :
C4::Charset::SetMarcUnicodeFlag add 'a' char in the 9th label character for
MARC21 and NORMARC (it's normal), but just before doing this it call
"$marc_record->encoding('UTF-8')" which is a MARC::Record function which, when
called with 'UTF-8' parameter, do only one thing : add 'a' char in the 9th
label character
This patch only removes this incorrect function call, so, when we import a bib
record in UNIMARC : it no longer adds erroneous character (this does not change
anything for MARC21 and NORMARC because SetMarcUnicodeFlag explicitly adds 'a'
char in the 9th label for them)
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Fri, 21 Apr 2017 21:44:05 +0000 (18:44 -0300)]
Bug 18442: Add a test
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Alex Buckley [Wed, 19 Apr 2017 23:29:28 +0000 (11:29 +1200)]
Bug 18442: Fix DB user loggin
Test plan:
1. Drop and recreate your db
2. Clear memcached
3. Go through the installer (to speed up this test plan install all
sample data so you dont have to create libraries, patron categories etc. later)
4. On the installer page login as the database user and notice that it
does not work on the first attempt ( you get 'Error: You do not have
permission to access this page')
5. Try logging in as database user for a second time and notice you are
logged in successfully this time
4. In staff interface create a patron account with superlibrarian permissions
5. Logout of the staff interface
6. Login as database user
7. Notice you cant log in. You get the 'Error:: You do not have permission to access this
page' error
8. Try a second attempt and notice you get the same error
9. Open the URL in a new tab and notice the staff interface appears
showing that you are logged in
10. log out and log back in as the superlibrarian user you created and
notice it works on first login attempt
11. Apply patch
12. Log out and try logging back in as database user and notice that you
can login successfully on first attempt
13. Repeat steps 1,2,3 and login as database user and notice the login
works on first attempt
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Owen Leonard [Mon, 24 Apr 2017 14:21:00 +0000 (14:21 +0000)]
Bug 18484 - opac-advsearch.tt missing closing div tag for .container-fluid
This patch corrects HTML validation errors by adding back a missing
</div> which was removed accidentally by Bug 9043 (2014!).
This patch also removes "border" attributes from <img> tags because the
attribute is obsolete.
To test, apply the patch and test the validity of the OPAC's advanced
search page. The only error should be one about 'Bad value
"api-server,"' which isn't really resolvable.
Signed-off-by: Barton Chittenden <barton@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Marc Véron [Fri, 21 Apr 2017 19:22:44 +0000 (21:22 +0200)]
Bug 13835: Popup with searches: results hidden by language menu in footer
Language menus in pop up windows are not necessary and can hide the contents
(especially search results) on a narrow screen.
For an example, see screenshot in comment #3
This patch allows to mark pop p menus not to display the language footer.
To test:
- Reproduce issue from comment #3
- Apply patch
- Try to reproduce issue from comment #3
-> language menu should no longer display
- Verify that language menu is suppresed in 'Add to ist' as well
(from catalog search results, select an item, Add to:...)
Note: There will be more pop-ups with unwnated language selector.
That can be resolved in follow up bugs.
Followed test plan which worked as intended Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Owen Leonard [Tue, 25 Apr 2017 16:16:49 +0000 (16:16 +0000)]
Bug 18419 - Broken patron-blank image in viewlog.tt
Because of a variable name collision the blank patron image doesn't
display in viewlog.tt. This patch moves the image from the template to
the stylesheet to avoid this problem.
This patch also replaces the blank patron image PNG file with an SVG
file. SVG support is wide enough to begin using whereever possible.
This patch also removes some inline CSS from circ-menu.inc and puts it
in the global stylesheet.
To test, apply the patch and clear your browser cache if necessary.
- Enable the patronimages system preference.
- View a patron account which lacks a patron image. All views (details,
fines, notices, etc) should show the "blank" patron image, including
the modification log view.
- View a patron account which has a patron image and check that it still
displays correctly in all views.
Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Aleisha Amohia [Thu, 5 Jan 2017 02:01:57 +0000 (02:01 +0000)]
Bug 15738: Show rental fees on OPAC summary page
This patch adds a few lines that check for a rental fee on an item. If
yes, it will show in brackets as a rental fee on the OPAC summary page.
To test:
1) Have a borrower with an overdue item accruing fines, a lost item and
an item with a rental fee. Confirm the Fines column on the OPAC summary
page now shows you what you may expect to see for each item.
Sponsored-by: Catalyst IT Signed-off-by: Josef Moravec <josef.moravec@gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Bug 18452: Correcting 'url' to say 'URL' in catalog detail
To test:
1) Edit a record, put a URL in 856u and hit save
2) Confirm that url shows as URL in OPAC and staff client
Sponsored-by: Catalyst IT Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Bug 15815: Reword confirm message when removing patrons from card batch
This patch rewords the confirm message when removing patrons from a card
batch.
From: "Are you sure you want to remove card number(s):1 from this
batch?"
To: "Are you sure you want to remove the selected patron(s) from this
batch?"
To test:
1) Go to Tools -> Patron Card Creator -> Manage batches
2) Edit a batch
3) Select one or more patrons and click 'Remove selected patrons' (not
individual Delete buttons)
4) Confirm the message is worded better and easier to understand
5) Click OK and confirm the patrons are deleted as expected
Sponsored-by: Catalyst IT Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Mark Tompsett [Fri, 20 Jan 2017 02:13:47 +0000 (21:13 -0500)]
Bug 15702: Recommended Counter-patch
As per comment #7, this patch affects AddMember and ModMember.
The test plan should be the same as comment #6.
Secondary patch with tests still to come.
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7fd248f3e9c80b36fb451eb90d2c34242c0cbb61) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Mark Tompsett [Fri, 21 Apr 2017 12:58:03 +0000 (08:58 -0400)]
Bug 15702: Add test cases for modified code
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 31378adbe1add83afd2ac77520a295c18ba70b72) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Jonathan Druart [Mon, 24 Apr 2017 17:16:34 +0000 (14:16 -0300)]
Bug 18457: Add tests
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 41669b45a808550088146380d534e4f3629590d9) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Conflicts:
t/db_dependent/Letters.t
Kyle M Hall [Wed, 19 Apr 2017 13:52:38 +0000 (09:52 -0400)]
Bug 18457 - process_message_queue.pl will die if a patron has no sms_provider_id set but sms via email is enabled for that patron
If SMS via Email is enabled, and a patron has opted for SMS messages, but has not selected a service provider, the cronjob will die with the error
Can't call method "domain" on an undefined value at /usr/share/koha/lib/C4/Letters.pm line 1055.
This will cause all messages that come after the error to not be sent!
Test Plan:
1) Enable SMS via Email
2) Enable SMS for a patron, but don't set a provider
3) Perform an action that will trigger an sms message to go into
the holds queue ( item due, item checkout, etc )
4) Run process_message_queue.pl, note the error
5) Apply the patch
4) Run process_message_queue.pl, no error this time!
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
(cherry picked from commit c7541091741878d28f648df8681a691cf787334c) Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Jonathan Druart [Thu, 2 Feb 2017 15:53:58 +0000 (16:53 +0100)]
Bug 18066: Hea V2 [squashed]
This patch is the Koha part of the Hea v2 project.
You can find the (testing) code for the server at
hea-ws - https://github.com/joubu/hea-ws/commits/v2
hea-app - https://github.com/joubu/hea-app/commits/v2
They contain the different pull requests made over the last 6 months.
More information on Hea at https://wiki.koha-community.org/wiki/KohaUsageStat_RFC
The goal of this commit message is to provide an overview of what could
be a new version of Hea.
Prior to these changes, the Hea database was filled with 1 line per Koha
installation. System preferences were filled by the libraries and a
cronjob (share_usage_with_koha_community.pl) collected these values to send
them to a webservice (hea-ws/upload.pl).
With the need to collect more data we would want to collect data at the library
level (branch) and not at the installation level.
For instance the geolocation, the url or the country can be different from one
library to another, even if managed from the same Koha installation.
The Hea DB has been upgraded to reflect that change (see hea-app/sql/schema.sql).
The hidden goal of this patch is to make Hea sexier and explain
better to libraries how it can be useful to share their information
with the Koha community. I guess the main problem is the lack of
communication and explanations about what we are doing we these data.
To fill this gap I'd like to (TODO)
1. Communicate on the ML about this new version of Hea (once it got
pushed and backported)
2. Link the Privacy_Policy.md from the Hea interface
3. Get help from a native English speaker to add
popup/help/info/whatever on "Home › Administration › Usage statistics",
to clearly explain what happens (and what will not happen!) when an option or
another is set.
You can find screenshot of this whole enhancement on bug 18066, comment 2.
What this patch does:
- Create a new branches.geolocation DB field
- Add 3 new sysprefs:
* UsageStatsGeolocation
* UsageStatsLibrariesInfo
* UsageStatsPublicID
- Integrate the Leaflet JS library to get a fancy map to pick
geolocations
How does it works:
On the new administration page where statistics to share are configured,
there are several new things. It is now possible to share information either
per Koha installation or libraries. If UsageStatsLibrariesInfo is set,
the info at library level (url, name, country, geolocation) will be
sent to the Hea webservice. If it is not set, you can decide to fill
UsageStatsLibraryUrl, UsageStatsLibraryName, UsageStatsCountry,
UsageStatsGeolocation to share these information. Note that even if the
data are retrieved at installation level, it's better to fill the prefs
as well: On the Hea website the different libraries defined for a given
Koha installation could be displayed on the same page.
This page is a public page which will be attributed to every
installation (with the pref UsageStatsPublicID). On this page all the
info available publicly will be displayed.
TODO later:
- Add a button on the administration page to delete the info shared
publicly. It will be easy to show that the info are no longer displayed
on the public page.
- Add an icon per Koha installation to get a better "public page"
- Any suggestions?
Test plan:
We will need to test hea-ws, hea-app and the Koha-side code to test the
whole enhancement.
1/ To start, clone the hea-ws and hea-app project and checkout the
'master' branch (*not* 'v2')
2/ Create the hea database and user
CREATE DATABASE hea
CREATE USER 'hea'@'localhost' IDENTIFIED BY 'hea';
GRANT ALL PRIVILEGES ON hea.* TO 'hea'@'localhost';
FLUSH PRIVILEGES;
3/ Fill the DB with some data
mysql hea < hea-app/sql/schema.sql
mysql hea < hea-app/sql/sql/mock-data.sql
4/ Checkout the 'v2' branch for both hea-ws and hea-app
5/ Execute the upgrade DB script
% cd hea-app
% perl -p -i -e 's/REPLACE_ME/hea/' sql/upgrade.pl # Fill the DB info
% perl sql/upgrade.pl
Now the DB is using the v2 structure. That means we have 1 installation
row per library previously defined. 1 library row has also been created.
5/ Configure hea-ws
% echo '192.168.50.1 hea.koha-community.org' >> /etc/hosts
<VirtualHost *:80>
DocumentRoot "/path/to/hea-ws"
ServerName "hea.koha-community.org"
<Directory "/">
Options +ExecCGI
Require all granted
AddHandler cgi-script .pl
</Directory>
</VirtualHost>
And enable it with a2ensite, then restart apache.
The copy the database.yml.sample to database.yml and edit it to fill the
DB info.
6/ Launch the hea-app
% cd hea-app
% edit README.md # to install the missing modules
% cp environments/config.yml environments/development.yml
% edit environments/development.yml # to fill the DB info
% perl bin/app.pl
Then hit localhost:3000
You should see a local version of Hea with sample data
7/ Back to Koha side
A. We will test that the webservice still works with previous version of Koha (without v2)
a. Do not configure Hea
% perl misc/cronjobs/share_usage_with_koha_community.pl -f -v
Then hit localhost:3000
=> Nothing added
b. Configure Hea on admin/usage_statistics.pl
perl misc/cronjobs/share_usage_with_koha_community.pl -f -v
=> New library added
c. Modify the Hea configuration
perl misc/cronjobs/share_usage_with_koha_community.pl -f -v
=> Info are modified
B. Not we will test that it works with the new version (much more fun ;))
% git checkout hea-v2 # koha
a. Configure Hea using /admin/usage_statistics.pl
perl misc/cronjobs/share_usage_with_koha_community.pl -f -v
=> Check the result on localhost:3000
b. Share libraries's info
perl misc/cronjobs/share_usage_with_koha_community.pl -f -v
c. Continue to play a bit and share the info.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Julian Maurice <julian.maurice@biblibre.com> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Tue, 20 Dec 2016 22:29:53 +0000 (22:29 +0000)]
Bug 14608 - HEA : add possibility of sharing usage statistics [squashed]
This patch set adds:
- a reference to Hea at the end of the installation process
- a link to the new page from the admin home page
- a new page to easily configure shared statistics
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Mason James <mtj@kohaaloha.com>
Fridolin Somers [Fri, 24 Mar 2017 15:07:16 +0000 (16:07 +0100)]
Bug 18329 - Batch record deletion broken
Hie, Tools > Batch record deletion seems broken.
Any deletion returns error :
Bibliographic record YYY was not deleted. An error occurred. (The error was: {UNKNOWN}: DBD::mysql::db begin_work failed: Already in a transaction at /usr/share/perl5/DBIx/Class/Storage/DBI.pm line 1560. at /home/koha/src/C4/Biblio.pm line 3468 , see the Koha log file for more information).
Looks like it is because of Bug 18242 which added a transaction in C4::Biblio::_koha_delete_biblio_metadata : $schema->txn_do.
The script batch_delete_records created a transaction with $dbh->{AutoCommit} = 0;
This patch fixes by using also Koha::Schema in batch_delete_records to manage transaction.
It also removes "$dbh->{RaiseError} = 1", this behavior is managed in Koha::Database.
Test plan :
- Go to Staff interface : Tools > Batch record deletion
- Enter a few existing biblionumbers
- Click on "Continue"
- Click on "Delete selected records"
=> Without patch you get a DB error
=> With patch you get confirmation message
- Try to get the biblios to confirm they are deleted : /cgi-bin/koha/catalogue/detail.pl?biblionumber=xxx
- Test with and without Plack
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Thu, 9 Mar 2017 19:58:17 +0000 (16:58 -0300)]
Bug 18242: 16.05 version - [SOLUTION 2]Handle correctly move to old_issues
The table old_issues has a primary key defined on the issue_id column.
This issue_id comes from the issues table when an item is checked in.
In some case the value of issue_id already exists in the table
Basically this happens when an item is returned and mysqld is restarted:
The auto increment value for issues.issue_id will be reset to
MAX(issue_id)+1 (which is the value of the last entry of old_issues).
See also the description of bug 18003 for more informations.
In this solution the change is done at code level instead of DB
structure: If old_issues.issue_id already exists before moving from
the issues table, the issue_id is updated (not on cascade for
accountlines.issue_id, should it?) before the move.
Jonathan Druart [Tue, 14 Feb 2017 15:22:40 +0000 (15:22 +0000)]
Bug 18094: Only search in searchable patron attributes if searching in standard fields
Test plan:
- Add a new patron attrbute and mark it searchable
- Populate a new patron with 'potato' in that field
- Add/edit another patron to have email potato@invalidemail.com'
- Perform a patron search with query 'potato' (in standard fields)
=> Both patrons are returned
- Perform a patron search with filters 'Email' and query 'potato'
=> Only 1 patron is returned and you are redirected to the patron detail page.
Followed test plan, works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Thu, 18 Aug 2016 14:52:38 +0000 (15:52 +0100)]
Bug 17146: Fix CSRF in picture-upload.pl
If an attacker can get an authenticated Koha user to visit their page
with the
url below, they can change or delete patrons' images
/tools/picture-upload.pl?op=Delete&borrowernumber=42
Test plan:
1/ Hit /tools/picture-upload.pl?op=Delete&borrowernumber=42
And confirm that you get a "Wrong CSRF token" error
2/ Go on the patron detail page with a patron's image
3/ Click on the Delete link (note the csrf_token param)
4/ The image will be deleted and you are redirected to the patron detail
page.
Regression tests:
Upload an image from the patron detail page and from the "upload patron
images" tool.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Fri, 12 Aug 2016 10:36:06 +0000 (11:36 +0100)]
Bug 17116: Fix CSRF in import_borrowers.pl
If an attacker can get an authenticated Koha user to visit their page
with the url below, they can change patrons' information
The exploit can be simulated triggering
/tools/import_borrowers.pl?uploadborrowers=42
In that case it won't do anything wrong, but it you POST a valid file,
it could.
Test plan:
Trigger the url above
=> Without this patch, you will the result page
=> With this patch, you will get the "Wrong CSRF token" error.
Regression test:
Import a valid file from the import patron form, everything should go
fine.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com>
Marcel de Rooy [Thu, 11 Aug 2016 12:17:14 +0000 (14:17 +0200)]
Bug 17109: Add CSRF token to [opac-]sendbasket
If you have no (valid) token, you will not be able to send the message.
Test plan:
[1] Verify if you can still send the cart from opac and intranet.
[2] While still being logged in, try to send the cart from opac by
using the following URL:
/cgi-bin/koha/opac-sendbasket.pl?email_add=you@somedomain.com&comment=csrf_test&bib_list=doesnotmatter&csrf_token=justsomeguess12345
This should now result in a csrf error.
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Marcel de Rooy [Thu, 11 Aug 2016 11:10:21 +0000 (13:10 +0200)]
Bug 17109: Remove second authentication from (opac-)sendbasket
Patch deals with opac and intranet variant.
If we authenticated the first time, it is not necessary to do it
a second time rightaway.
Replaces a call to get_template_and_user (including checkauth) by
gettemplate.
Also removes duplicate use C4::Biblio statements.
Test plan:
[1] Put a few books in the cart.
[2] Send the cart from OPAC.
[3] Send the cart from intranet.
Tested 3 patches together. Works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Tue, 9 Aug 2016 21:29:25 +0000 (22:29 +0100)]
Bug 17097: Fix CSRF in deletemem.pl
If an attacker can get an authenticated Koha user to visit their page
with the url below, they can delete patrons details.
/members/deletemem.pl?member=42
Test plan:
0/ Do not apply any patches
1/ Adapt and hit the url above
=> The patron will be deleted without confirmation
2/ Apply first patch
3/ Hit the url
=> you will get a confirmation page
4/ Hit /members/deletemem.pl?member=42&delete_confirmed=1
=> The patron will be deleted without confirmation
5/ Apply the second patch (this one)
6/ Hit /members/deletemem.pl?member=42&delete_confirmed=1
=> you will get a crash "Wrong CSRF token" (no need to stylish)
7/ Delete a patron from the detail page and confirm the deletion
=> you will be redirected to the patron module home page and the patron
has been deleted
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Tue, 9 Aug 2016 21:18:14 +0000 (22:18 +0100)]
Bug 17097: Add a confirmation page when deleting a patron
It won't hurt to have a confirmation page when deleting a patron.
Moreover it's the more easy way to protect against CSRF attacks :)
Test plan:
Make sure you get a confirmation page when deleting a patron
Confirm that approving or denying the confirmation work as expected
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com>
Marcel de Rooy [Fri, 12 Aug 2016 06:09:50 +0000 (08:09 +0200)]
Bug 17110: Add unit test for MaxAge parameter in Token.t
Test plan:
Run t/Token.t
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Marcel de Rooy [Thu, 11 Aug 2016 13:25:44 +0000 (15:25 +0200)]
Bug 17110: Lower CSRF expiry in Koha::Token
Default expiry in WWW:CSRF is one week.
This patch sets it to 8 hours by default in Koha, and allows to
change the expiry period individually by passing MaxAge.
Test plan:
[1] Put items in your cart.
[2] Apply the example patch too.
[3] Send the cart from opac within the allotted 10 seconds.
[4] Send again, but wait some 10 seconds before submitting. Too late!
Tested 3 patches together, works as expected. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Tue, 21 Mar 2017 13:52:42 +0000 (10:52 -0300)]
Bug 18312: Fix export unless a file is supplied
Bug 18087 breaks export unless a file is supplied.
Can't use an undefined value as a HASH reference at
/home/vagrant/kohaclone/tools/export.pl line 75.
Test plan:
Export records using a file of id that is not a valid file (not txt or
csv)
Export records using a valid file
Export records without supplying a file
=> The export should work or fail as expected.
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Tue, 14 Feb 2017 09:52:14 +0000 (10:52 +0100)]
Bug 18087: Handle invalid filetypes
If an invalid file is used as biblionumber list, we should display a
message.
Test plan:
1/ Use csv, plain text files
=> Should work
2/ Use invalid files (binary files like pdf, doc*, xsl*, etc.)
=> Should not work and see a warning message.
Amended patch after signoff: Remove one warn debug line
Signed-off-by: Joy Nelson <joy@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com>
Joy Nelson [Thu, 9 Feb 2017 19:42:57 +0000 (11:42 -0800)]
Bug 18087 - Clarification on File type when using file of biblionumbers to export data
Added a line to the screen detailing the types of files that can be used to upload a list of biblionumbers.
Test plan:
1. Go to tools->export data
2. under File option, (File types accepted: .csv and .txt) should appear
3. Check both Bibliographic and Authority Export screens for this new string.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com> Signed-off-by: Joy Nelson <joy@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Mason James <mtj@kohaaloha.com>
Jonathan Druart [Fri, 22 Jul 2016 09:26:12 +0000 (10:26 +0100)]
Bug 15451: Better error handling
1/ If a librarian edit (add_validate) a non-existing csv profile, we
explicitely die
2/ If you try to delete a non-existing csv profile, you will now get a
nice alert box
Bug 15451: (followup) fix filename extension for csv file
This patch does the same as basket/downloadcart.pl
to set '.csv' as filename extension for downloadshelf.pl
To test:
1) Define a CSV MARC profile
2) On staff download a list, extension is '.NN'
with 'NN' the CSV profile id.
3) Apply the patch
4) Download again, check extension is now '.csv'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>