]> git.koha-community.org Git - koha.git/log
koha.git
7 years agoBug 19057: Remove C4::Reserves::GetReserve
Jonathan Druart [Wed, 2 Aug 2017 15:00:00 +0000 (12:00 -0300)]
Bug 19057: Remove C4::Reserves::GetReserve

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19057: Move C4::Reserve::GetReserve to Koha::Holds
Jonathan Druart [Wed, 2 Aug 2017 15:21:20 +0000 (12:21 -0300)]
Bug 19057: Move C4::Reserve::GetReserve to Koha::Holds

This GetReserve subroutine can be replaced with Koha::Holds->find

Test plan:
-  git grep GetReserve
must not return results where GetReserve is called
- Cancel a reserve

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 9857: Fix failing tests
Jonathan Druart [Fri, 1 Sep 2017 19:20:18 +0000 (16:20 -0300)]
Bug 9857: Fix failing tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19076 - followup - delete fines from additional renewal
Nick Clemens [Fri, 11 Aug 2017 15:39:53 +0000 (15:39 +0000)]
Bug 19076 - followup - delete fines from additional renewal

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19076 - Move issue logging in AddIssue into condtional clause
Nick Clemens [Thu, 10 Aug 2017 15:20:58 +0000 (15:20 +0000)]
Bug 19076 - Move issue logging in AddIssue into condtional clause

Currently AddIssue tests if renewal, but logs an issue even if so. This
patch moves the logging into the conditional so a log entry is only
added if we aren't renewing (as renewals are logged separately)

To test:
1 - prove t/db_dependent/Circulation.t - one test should fail
2 - Enable both issue and renewal logs
3 - Checkout an item to a patron
4 - View the logs - the issue is captured
5 - Checkout the item to the patron again and confirm renewal
6 - Both an issue and a renewal are logged
7 - Apply patch
8 Repeat 1-6, tests should pass and only renewal should be logged

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19076 - unit tests
Nick Clemens [Thu, 10 Aug 2017 15:20:19 +0000 (15:20 +0000)]
Bug 19076 - unit tests

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19081: Do not list plugins that have been uninstalled
Jonathan Druart [Mon, 28 Aug 2017 17:00:28 +0000 (14:00 -0300)]
Bug 19081: Do not list plugins that have been uninstalled

Under plack, can_load should not check if a package is in cache, but
reload it. Otherwise plugins that have been uninstalled will still get
listed.
The error raised by can_load must only be displayed if the plugin has
been removed.

Test plan:
1/ Upload a plugin
2/ Note the plugin is listed as installed
3/ Modify the package of the plugin to add a compilation error (use
'Foo' for instance)
4/ Reload the page
5/ The plugin is not listed and a warning appear in the logs
6/ Remove the compilation error and uninstall the plugin
7/ The plugin is no longer listed and no warning appear in the logs

Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Bug 19081: Remove useless $plugin_file variable

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19004: [QA Follow-up] No need to check item-level_itypes again
Marcel de Rooy [Mon, 28 Aug 2017 06:51:24 +0000 (08:51 +0200)]
Bug 19004: [QA Follow-up] No need to check item-level_itypes again

As Jonathan pointed out, GetItem already called effective_itemtype.
So we can just use $item->{itype} here.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19004: Adjust AddReturn for retrieving item type
Marcel de Rooy [Wed, 9 Aug 2017 14:30:03 +0000 (16:30 +0200)]
Bug 19004: Adjust AddReturn for retrieving item type

In the regular situation, you can get itemtype via biblio and then
biblioitem as well as via biblioitem (at least when item-level_itypes
is set to biblio).

But since Koha unfortunately defined two relations in item, one for
biblioitemnumber (the good one) and one for biblionumber (redundant),
TestBuilder (correctly) builds one biblioitem and two biblios.

If you item-level_itypes to biblio record, this will result in failing tests
when calling AddReturn (in this case Koha/Patrons.t).
It will crash on:
    Can't call method "itemtype" on an undefined value at C4/Circulation.pm line 1826.
Cause: AddReturn goes via the biblionumber to biblio and than to
biblioitems, and it does not find a biblioitem. (Not a fault from TestBuilder
but a database design problem.)

This patch makes a small change in AddReturn to retrieve the itemtype via
biblioitem. It actually is a shorter road than items->biblio->biblioitems.

Note: I do not test the Biblioitems->find call, since we already checked
the GetItem call before and we have a foreign key constraint.
I did not call $item->effective_itemtype since we still use GetItem; this
could be done later.

Adjusted Circulation/Returns.t too: If we add an item with TestBuilder and
we called AddBiblio before, we should link biblioitemnumber as well.

Test plan:
[1] Do not apply this patch yet.
[2] Set item-level_itypes to biblio record.
[3] Run t/db_dependent/Koha/Patrons.t. (It should fail.)
[4] Apply this patch.
[5] Run t/db_dependent/Koha/Patrons.t again.
[6] Run t/db_dependent/Circulation/Returns.t
[7] Git grep on AddReturn and run a few other tests calling it.
    Note: Bugs 19070/19071 address three tests that call AddReturn too.
[8] In the interface, check in a book.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Note: Bugs 19070 and 19071 are already pushed. The command in comment #4
      has all the tests successful.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19004: Patrons.t should create its own data for enrollment fees.
Marcel de Rooy [Sun, 30 Jul 2017 14:53:00 +0000 (16:53 +0200)]
Bug 19004: Patrons.t should create its own data for enrollment fees.

If the patron categories J, K, YA would not exist, Patrons.t would fail.

Test plan:
[1] Remove one of these patron categories.
[2] Run t/db_dependent/Koha/Patrons.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 14316: Clarify meaning of record number in Batch record modification tool
Katrin Fischer [Sat, 19 Aug 2017 08:22:44 +0000 (10:22 +0200)]
Bug 14316: Clarify meaning of record number in Batch record modification tool

Same change as the first patch, but for the batch record
modification tool.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 14316: Clarify meaning of record number in Batch record deletion tool
Katrin Fischer [Mon, 8 Jun 2015 00:03:34 +0000 (02:03 +0200)]
Bug 14316: Clarify meaning of record number in Batch record deletion tool

Changes the label from 'list of record numbers...' to
'List of biblionumbers or authority ids...' to make it
more clear to the user which kind of input is expected.

To test:
- Go to Tools > Batch record deletion
- Check the new description
- Decide if it's more clear or not

Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18946 [QA Followup] - code cleanup
Kyle M Hall [Fri, 1 Sep 2017 12:41:51 +0000 (08:41 -0400)]
Bug 18946 [QA Followup] - code cleanup

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18946 - Change language from external web fails
Karam Qubsi [Tue, 18 Jul 2017 16:06:48 +0000 (00:06 +0800)]
Bug 18946 - Change language from external web fails

How to reproduce:
1. Get a multilingüal Koha like
http://demo1.orex.es/cgi-bin/koha/opac-changelanguage.pl?language=en
http://demo1.orex.es/cgi-bin/koha/opac-changelanguage.pl?language=es-ES

2. Copy that urls to any web page in an other domain -it must be in some
host - and try to link to the spanish or english version,it will keep you in the same position.

3. Apply this patch and try again , everything should work fine .

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18692 - intranet part
Lari Taskula [Wed, 31 May 2017 14:03:54 +0000 (17:03 +0300)]
Bug 18692 - intranet part

Fixes misplaced columns introduced by previous patch and adds the "-" for phone
transport type.

To test:
1. Set SMSSendDriver system preference on
2. Go to intranet messaging preferences
3. By default you should see checkboxes for all messages for SMS
4. Ensure columns are not misplaced (pushing one column too much to the right)
5. Delete sms method from one of the messages in message_transports table
6. Observe that "-" is displayed instead of checkbox for that message for SMS
7. Repeat same for TalkingTechItivaPhoneNotification system preference.
   By default it may not have transports in message_transports, so make sure
   to assign some in order to have the checkboxes visible.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18692 - same with syspref TalkingTechItivaPhone
Fridolin Somers [Thu, 1 Jun 2017 15:22:42 +0000 (17:22 +0200)]
Bug 18692 - same with syspref TalkingTechItivaPhone

Fixes misplaced columns introduced by previous patch and adds the "-" for phone
transport type.

To test:
1. Set SMSSendDriver system preference on
2. Go to intra and OPAC messaging preferences
3. By default you should see checkboxes for all messages for SMS
4. Ensure columns are not misplaced (pushing one column too much to the right)
5. Delete sms method from one of the messages in message_transports table
6. Observe that "-" is displayed instead of checkbox for that message for SMS
7. Repeat same for TalkingTechItivaPhoneNotification system preference.
   By default it may not have transports in message_transports, so make sure
   to assign some in order to have the checkboxes visible.

https://bugs.koha-community.org/show_bug.cgi?id=8692

Signed-off-by: Michael Andrew Cabus <michael@bywatersolutons.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18692 - When SMS is enabled the OPAC messaging table is misaligned
Fridolin Somers [Mon, 29 May 2017 14:32:18 +0000 (16:32 +0200)]
Bug 18692 - When SMS is enabled the OPAC messaging table is misaligned

Bug 6726 had corrected the fact that when SMS is enabled the messaging table is missing a column.
Bug 6458 has broken this.
The SMS column is missing an else case with cell containing only "-" like other columns.

Test plan :
- set SMSSendDriver preference empty
- go to OPAC patron messaging
- column SMS should not be visible
- set SMSSendDriver preference not empty
- go to OPAC patron messaging
- column SMS appears with checkboxes

Signed-off-by: Michael Andrew Cabus <michael@bywatersolutons.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18636: Sysprefs: Add explanation for conflict autonumbernum / BorrowerMandatoryFields
Marc Véron [Wed, 9 Aug 2017 07:46:02 +0000 (09:46 +0200)]
Bug 18636: Sysprefs: Add explanation for conflict autonumbernum / BorrowerMandatoryFields

This patch adds a note to the system preferences autonembernum and
BorrowerMandatoryFields regarding a conflict if automembernum is on
and BorrowerMandatoryFields contains cardnumber.

To reproduce issue: See initial comment.

To test:
- Apply patch
- Verify that in system preferences note appears with both prefs
  automembernum and BorrowerMandatoryFields

Followed test plan, works as described
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 16485: collection column in Item search is always empty
Marc Véron [Tue, 27 Jun 2017 16:50:44 +0000 (18:50 +0200)]
Bug 16485: collection column in Item search is always empty

This patch fills the column 'Collection' in item search from the item values.

To test:
- Go to item search
- Reproduce issue from initial comment
- Apply patch
- Verify that the column 'Collection' is filled

Still to do, but outside of my datatable skills:
Filter by drop down in the column header does a substring search.
Example: Filter for 'Fiction" returns both 'Fiction' and 'Non-fiction' items.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Laurence Rault <laurence.rault@biblibre.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19024 Do not unset order cancelled status on basket close
Colin Campbell [Wed, 2 Aug 2017 16:12:44 +0000 (17:12 +0100)]
Bug 19024 Do not unset order cancelled status on basket close

On closing a basket, status is updated to ordered for orders not
completed. However the operation  was resetting the status for
cancelled as well as new orders.
While display is correct from the basket view (it checks the
cancellation date). The status in the acquisitions tab from the
catalogue view reverts erroneously to ordered.

This patch adds cancelled to the statuses not updated on basket
close.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19024 Fix some infelicities of phrasing in test messages
Colin Campbell [Tue, 15 Aug 2017 10:44:12 +0000 (11:44 +0100)]
Bug 19024 Fix some infelicities of phrasing in test messages

The test messages were awkwardly phrased, re phrase them to
sound more natuaral. Patch is cosmetic (grammar) only

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19024: Add tests
Jonathan Druart [Wed, 9 Aug 2017 19:09:32 +0000 (16:09 -0300)]
Bug 19024: Add tests

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 9857 - Follow-up - Fix for searches with su= or su:
Katrin Fischer [Fri, 18 Aug 2017 08:36:59 +0000 (08:36 +0000)]
Bug 9857 - Follow-up - Fix for searches with su= or su:

When the initial search is su=.../su:... the links was
not constructed correctly. With this change, it should
be the case.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 9857: Did you mean? uses wrong punctuation in search links
Katrin Fischer [Fri, 4 Dec 2015 00:17:50 +0000 (01:17 +0100)]
Bug 9857: Did you mean? uses wrong punctuation in search links

The link changes the search links generated by the plugins
from an=authid to an:authid, as suggested by Jared on the
bug report.

- Turn on the AuthorityFile und ExplodedTerms  plugins
  for the OPAC from the "Did you mean" section of the
  administration module
- Search a term in your OPAC where one or several
  authorities exist.
  A last name or a place name might work well.
- Verify that there are suggestions displayed on top of
  your result list.
- Verify that the link created is something like:
  /cgi-bin/koha/opac-search.pl?q=an=14084
- Apply patch.
- Verify the link has changed a little and still works
  correctly:
  /cgi-bin/koha/opac-search.pl?q=an:14084

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18621: Added in value attribute to dateexpiry field
Alex Buckley [Tue, 11 Jul 2017 22:09:48 +0000 (10:09 +1200)]
Bug 18621: Added in value attribute to dateexpiry field

Test plan:
1. Create a patron category with the dateexpiry value of 29/9/2017

2. Create a patron user from that patron category (which I'll refer to as patron A) with the date
expiry value of 1/10/2017 and submit the form

3. Notice that the manual dateexpiry you have submitted is correctly
displayed

4. Create a duplicate patron with the same firstname and surname and
patron A, and set the date expiry value of 1/10/2017 and submit the form

5. The form displays a duplicate patron message. Notice that the dateexpiry input box is empty now

6. Select the new member (not a duplicate member) option in the
messagebox

7. The form successfully submits and notice that the date expiry value
displayed is that of the patron category (i.e. it is 29/9/2017) not the
dateexpiry value of 1/10/2017 that you manually set for this patron

8. Apply patch

9. Repeat step 4

10. The form displays a duplicate patron message. Notice the dateexpiry input box still
contains the value you entered which is 1/10/2017. Select the new member
(not a duplicate member) option in the messagebox

11. The form successfully submits and notice that the date expiry value
displayed is 1/10/2017 that you manually set for this patron

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19129 - Follow-up - Add changes to patron duplicate warning
Katrin Fischer [Thu, 17 Aug 2017 22:14:52 +0000 (00:14 +0200)]
Bug 19129 - Follow-up - Add changes to patron duplicate warning

Adds logic from the previous fix to the brief patron summary
shown when checking a possible patron duplicate.

Bonus: Also fixes missing patron category description there.

To Test:
- Add 2 patrons
- Add a patron with the same surname and firstname as an
  existing patron in order to trigger the duplicate message
- Click "View existing patron"
- Verify display is correct when existing patron is
  - an organisation
  - not an organisation
- Verify that the patron category description shows

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19129 - Clean up Details tab for Organisation patrons
Katrin Fischer [Thu, 17 Aug 2017 14:51:08 +0000 (14:51 +0000)]
Bug 19129 - Clean up Details tab for Organisation patrons

Problem: A patron category "I" would cause display problems
on the details in the intranet. This is because the templates
confused patron category "I" with patron type "I" (organisation).

Patch:
- Cleans up variable confusion between categorycode and
  categorytype.
- The template contained code to change the labels below
  the address to 'Organisational phone:" etc., I have removed
  this part as it does not match the edit form anymore.
- Initials, date of birth and gender are still hidden for
  organisation - matching the edit form.

Bonus:
- The patron category description was missing on the
  right and left side of the details tab. Now it displays.
- Fixes some html issues:
  - doubled up class attribute in a tag
  - doubled up </li></li>

To test:
- Create 3 patrons
  - patron category code doesn't matter, but category type organisation
  - patron category code 'I', category type NOT organisation
  - patron category code NOT I, category type NOT organisaton
- Check details tab in patron account in staff for all 3
  - Verify patron category description shows correctly
  - Verify information added to the account displays correctly
    (phone numbers, emails, ...)

Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 11580 - [QA Followup] Remove debug statements
Kyle M Hall [Fri, 1 Sep 2017 09:56:09 +0000 (09:56 +0000)]
Bug 11580 - [QA Followup] Remove debug statements

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 11580 : Added unit test
Baptiste Wojtkowski [Thu, 23 Feb 2017 16:21:05 +0000 (16:21 +0000)]
Bug 11580 : Added unit test

Added one unit test when the syspref useDaysMode is active.
This does not move code anymore

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 11580 - If returnBeforeExpiry is ON, use calendar to calculate return date not...
Sophie Meynieux [Wed, 16 Nov 2016 15:46:04 +0000 (16:46 +0100)]
Bug 11580 - If returnBeforeExpiry is ON, use calendar to calculate return date not on closed day (depending on useDaysMode)

Test plan:
1. ReturnBeforeExpiry is activated
2. useDaysMode is different from "circulation rules only"
3. Set expiry date of a patron to a near date
4. Set a closed day on calendar for this date
5. Do a checkout

Without patch, return date will be patron expiration date
With the patch, return date will be last open day before patron expiration day

Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 16726: [FOLLOW-UP] Putting text in h1
Aleisha Amohia [Tue, 27 Jun 2017 04:14:47 +0000 (04:14 +0000)]
Bug 16726: [FOLLOW-UP] Putting text in h1

Works as outlined in test plan, search terms now appear at top as h1 as well

Signed-off-by: Dilan Johnpullé <dilan@calyx.net.au>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 16726: Clear text in syspref searchbox after submitting
Aleisha Amohia [Wed, 7 Jun 2017 02:09:36 +0000 (02:09 +0000)]
Bug 16726: Clear text in syspref searchbox after submitting

To test:
1) Go to Admin -> search for a system preference
2) Notice your search stays in the search box (this is inconsistent with
    search behaviour across Koha)
3) Apply patch and refresh page
4) Make another search
5) Confirm search still works as expected and search terms have been
cleared from search box
6) Confirm search terms show at the top of the results

Sponsored-by: Catalyst IT
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17797: Add XSLT_Handler in opac/unapi
Marcel de Rooy [Tue, 20 Dec 2016 15:58:05 +0000 (16:58 +0100)]
Bug 17797: Add XSLT_Handler in opac/unapi

Replaces some code by a call to existing module.
Removes the $@->code and $@->message calls.

Test plan
[1] Run /cgi-bin/koha/unapi?id=koha:biblionumber:[number]&format=marcxml
[2] Try some variations.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19209 [Followup] - Ensure checkouts don't prevent deleting patrons
Kyle M Hall [Wed, 30 Aug 2017 16:06:36 +0000 (12:06 -0400)]
Bug 19209 [Followup] - Ensure checkouts don't prevent deleting patrons

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19209: (QA followup) Improve tests
Tomas Cohen Arazi [Wed, 30 Aug 2017 15:30:05 +0000 (12:30 -0300)]
Bug 19209: (QA followup) Improve tests

This path merges the pager() test and adds search results count tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19209: Add ->is_paged method to Koha::Objects
Tomas Cohen Arazi [Wed, 30 Aug 2017 15:09:37 +0000 (12:09 -0300)]
Bug 19209: Add ->is_paged method to Koha::Objects

This patch adds ->is_paged to Koha::Objects. It is inherited from the underlying resultset
from DBIC so there's no code besides adding it to the known methods in AUTOLOAD.

Tests are added for the newly exported method.

To test:
- Apply this patch
- Run:
  $ sudo koha-shell kohadev
 k$ cd kohaclone
 k$ prove t/db_dependent/Koha/Objects.t
=> SUCCESS: Tests pass!
- Sign off :-D

Sponsored-by: Camden County
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18812 - SIP Patron status does not respect OverduesBlockCirc
Nick Clemens [Thu, 15 Jun 2017 15:07:03 +0000 (11:07 -0400)]
Bug 18812 - SIP Patron status does not respect OverduesBlockCirc

To test:
1 - Set 'OverduesBlockCirc' to block
2 - Find or create a patron with overdues
3 - Perform a SIP patron lookup on that patron
misc/sip_cli_emulator.pl -a 127.0.0.1 -p 6001 -su term1 -sp term1 -l CPL
--patron {userid or cardnumber} --password {pass} -m patron_information
4 - Note the first character of response is a ' '
5 - Apply patch
6 - Restart memcached, apache, and plack
7 - Perform SIP patron lookup
8 - Note the first character of response is 'Y'
9 - prove t/db_dependent/SIP/Patron.t
10 - Test should return green

Signed-off-by: Chris Kirby <chris.kirby@ilsleypubliclibrary.org>
Works as advertised

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19056: Replace C4::Reserves::GetReserveCount with Koha::Patron->holds->count
Jonathan Druart [Mon, 7 Aug 2017 20:29:43 +0000 (17:29 -0300)]
Bug 19056: Replace C4::Reserves::GetReserveCount with Koha::Patron->holds->count

This subroutine is only used once and can easily be replaced with
Koha::Patron->holds->count

Test plan:
- Set maxreserves=5
- Place 3 holds for a given patron
- Place again 3 holds for this patron
3+3 > 5 => The holds must not be placed

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19055: Remove C4::Reserves::GetReservesToBranch
Jonathan Druart [Mon, 7 Aug 2017 20:25:15 +0000 (17:25 -0300)]
Bug 19055: Remove C4::Reserves::GetReservesToBranch

This subroutine is no longer in used and can be removed

Test plan:
  git grep GetReservesToBranch
must not return any results

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19007 - Allow paypal payments via debit or credit card again
Kyle M Hall [Mon, 31 Jul 2017 13:18:15 +0000 (09:18 -0400)]
Bug 19007 - Allow paypal payments via debit or credit card again

A recent change in Paypal has removed the previous default option of paying via debit or credit card without an account. To bring this option back, we need to send an additional parameter to the PayPal API.

Test Plan:
1) Enable paypal for your Koha instance
2) Ensure you are not logged in to PayPal
3) Attempt to pay a fine via PayPal
4) Not the the "Pay with Debit or Credit Card" option is missing
5) Apply this patch
6) Refresh opac-account.pl
7) Attempt to make a payment via PayPal again
8) Note the option "Pay with Debit or Credit Card" is now available

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: George Williams <gwilliams@nekls.org>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 14353 - Show 'damaged' and other status on the 'place holds' page in staff
Marc Véron [Sat, 18 Feb 2017 17:35:39 +0000 (18:35 +0100)]
Bug 14353 - Show 'damaged' and other status on the 'place holds' page in staff

This patch adds status 'Damaged' to 'Information' 'Status' in the items
table on 'Place hold' page.

To test:
- Apply patch
- In staff client, try to place an item level hold for items with 'Damaged'
  status.
- Verify that the status 'Damaged' appears in the column 'Information'.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 15924 - Coce not enabled on lists
Nick Clemens [Fri, 26 Feb 2016 14:46:45 +0000 (14:46 +0000)]
Bug 15924 - Coce not enabled on lists

To test:
Enable Coce and disable other image services
Load a list and not there are no covers
Apply patch
Load a list and note there are covers

https://bugs.koha-community.org/show_bug.cgi?id=15924

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19208 - Pay select option doesn't pay the selected fine
Kyle M Hall [Wed, 30 Aug 2017 14:35:03 +0000 (10:35 -0400)]
Bug 19208 - Pay select option doesn't pay the selected fine

The "Pay selected" option on the Fines tab in the borrower account page doesn't work as intended.
The fine on top of the list gets the amount deducted, even if another fine is choosen from the list.

Test Plan:
1) Create two or three fines, using the Create manual invoice function.
2) Choose one of the fines (not the one on the top) and click Pay selected
3) Pay a partial amount
4) Go back to the Pay fines tab an notice that the fine you selected has not changed. Instead, either the top fine or the total (see attachment) has ben affected.
5) Apply this patch
6) Repeat steps 1-3
7) Note the correct fine is paid

Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18718: DBRev 17.05.00.005
Jonathan Druart [Fri, 1 Sep 2017 15:58:18 +0000 (12:58 -0300)]
Bug 18718: DBRev 17.05.00.005

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18718: Language selector in staff header menu similar to OPAC
Marc Véron [Fri, 2 Jun 2017 10:11:47 +0000 (12:11 +0200)]
Bug 18718: Language selector in staff header menu similar to OPAC

This patch adds a language selector menu to the top menu of staff client
similar to the OPAC.
Display of language selectors at top, bottom or both can be configured
with system preference StaffLangSelectorModer. It defaults to bottom.

To test:
- Apply patch
- Udate database
- Restart plack and memchached
- Go to staff client, verify that language selector displays at
  the bottom of the page (as before)
- Go to system preferences, verify that there is a new preference
  StaffLanguageSelectorMode (name similar to the sypref ror OPAC), and
  that it is set to 'footer'
- Change mode for top, both and footer and verify, go to staff client
  and verify for each that the language selector displays as appropriate

(Amended for comment #2  2017-06-02 mv)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17827 - Untranslatable "by" in MARC21slim2intranetResults.xsl
Serhij Dubyk {Сергій Дубик} [Tue, 22 Aug 2017 14:19:32 +0000 (17:19 +0300)]
Bug 17827 - Untranslatable "by" in MARC21slim2intranetResults.xsl

Signed-off-by: Serhij Dubyk {Сергій Дубик} <serhijdubyk@gmail.com>
The "by" after the title was not translatable in the result
lists of the intranet. This patch fixes it by removing
a comment, that caused a problem with the translation
scripts.

To test:
Test:

Before this patch in file en-GB-marc-MARC21.po present next paragraph:

msgid "by "
msgstr " by "

According string "by " in the file MARC21slim2intranetResults.xsl can not be translated (in other languages).

After applying this patch performed next command:
cd /usr/share/koha/misc/translator
sudo env KOHA_CONF=/etc/koha/sites/mykohainstance/koha-conf.xml PERL5LIB=/usr/share/koha/lib perl -I /usr/share/koha/lib "./translate" update

Now in the file en-GB-marc-MARC21.po present the following (modified) paragraph:

msgid "by "
msgstr " by "

https://bugs.koha-community.org/show_bug.cgi?id=17827
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19194: Check itemtype is defined when receiving an order
Aleisha Amohia [Tue, 29 Aug 2017 04:51:40 +0000 (04:51 +0000)]
Bug 19194: Check itemtype is defined when receiving an order

To test:
1) Find a record with an item that has no itemtype (or remove the
itemtype of an item)
2) Go to Acquisitions -> Find a vendor or make a new one -> create a new
basket
3) Add the record from Step 1 to your basket
4) Close the basket
5) Go back to the vendor and click 'Receive shipments'
6) Put in an invoice number, click Next
7) Click the Receive link for your item
8) Confirm you see an internal server error
9) Apply the patch and refresh the page
10) The error should be gone and behaviour should continue as expected

Sponsored-by: Catalyst IT
Signed-off-by: Lee Jamison <ldjamison@marywood.edu>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18871: Make patron list name a link to view contents of list
Aleisha Amohia [Wed, 28 Jun 2017 00:40:00 +0000 (00:40 +0000)]
Bug 18871: Make patron list name a link to view contents of list

The link is the same as the 'Add patrons' button in Actions dropdown,
but requires one less click, and makes finding the contents of the list
more obvious.

To test:
1) Go to Tools -> Patron lists
2) Create a patron list if you haven't already
3) Confirm that clicking the name of the list takes you to the correct
list and shows the expected content.

Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18860: Adding thead tags to OPAC messaging settings table
Aleisha Amohia [Tue, 27 Jun 2017 01:59:55 +0000 (01:59 +0000)]
Bug 18860: Adding thead tags to OPAC messaging settings table

So that it can be styled alongside other tables in the OPAC.

To test:
1) Log into staff side
2) Find OPACUserCSS syspref and add the following CSS:
thead {
color: red;
}
3) Log into the OPAC
4) Go to your fines, your search history, your reading history etc -
notice all of these table's headings are styled with red text
5) Go to your messaging. Notice this table's headings are not styled
with red text
6) Apply patch and refresh page
7) Your messaging table should now have red headings.
(You can delete the CSS from OPACUserCSS if you'd like.)

Sponsored-by: Catalyst IT
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18869: [FOLLOW-UP] Show enrollments as disabled link
Aleisha Amohia [Mon, 10 Jul 2017 03:39:21 +0000 (03:39 +0000)]
Bug 18869: [FOLLOW-UP] Show enrollments as disabled link

if club has no enrolled patrons

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18869: [FOLLOW-UP] Make page reload after club or template delete
Aleisha Amohia [Sun, 9 Jul 2017 21:57:06 +0000 (21:57 +0000)]
Bug 18869: [FOLLOW-UP] Make page reload after club or template delete

If deleting the last club or template in a table, the row is deleted
from the webpage by ajax so the nice blue bubble message does not show.
This patch forces the page to reload so the blue bubble message shows
instead of the empty table.

To test:
Confirm that the blue message shows when tables are empty. Add a
template and a club, then delete a club. Confirm the page reloads and
the message shows. Test with template

Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18869: Fixing display of patron clubs tables
Aleisha Amohia [Wed, 28 Jun 2017 02:29:27 +0000 (02:29 +0000)]
Bug 18869: Fixing display of patron clubs tables

This patch
1) Hides the club templates table if there are no club templates, shows
an appropriate message
2) Hides the clubs table if there are no clubs. Shows an appropriate
message for whether templates exist
3) Puts the actions in one column, or a dropdown menu

Sponsored-by: Catalyst IT
Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18781: Translatability: Get rid of exposed tt directives in openlibrary-readapi.inc
Marc Véron [Mon, 12 Jun 2017 07:07:28 +0000 (09:07 +0200)]
Bug 18781: Translatability: Get rid of exposed tt directives in openlibrary-readapi.inc

The file koha-tmpl/opac-tmpl/bootstrap/en/includes/openlibrary-readapi.inc
exposes template directives to translation. The only string that should
appear in .po from this file is "Open Library: "

To test:
- Apply patch
- Verify that code changes make sense
- Bonus test: create a new language 'aa-AA', verify in aa-AA-opac-bootstrap.po
  that there is only the following string for openlibrary-readapi.inc:
msgid "Open Library: "
msgstr ""

NOTE: Followed a test plan similar to bug 18776 comment 3

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18780: Translatability: Get rid of exposed tt directive in masthead-langmenu.inc
Marc Véron [Mon, 12 Jun 2017 06:41:41 +0000 (08:41 +0200)]
Bug 18780: Translatability: Get rid of exposed tt directive in masthead-langmenu.inc

The file opac-tmpl/bootstrap/en/includes/masthead-langmenu.inc exposes following tt directive to translators:

"[%% IF ( ( opaclanguagesdisplay ) && ( ! one_language_enabled ) && "
"( languages_loop ) && ( OpacLangSelectorMode == 'both' || "
"OpacLangSelectorMode == 'top') ) %%] "

This patch fixes it.

To test:
- Apply patch
- Verify that language selector in OPAC (top of the page) works as expected
- Bonus test: create a new language 'aa-AA', verify that line above does not
show up in aa-AA-opac-bootstrap.po

NOTE: Followed a test plan similar to bug 18776 comment 3

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18779: Translatability: Get rid of exposed tt directives in authorities-search...
Marc Véron [Mon, 12 Jun 2017 06:20:56 +0000 (08:20 +0200)]
Bug 18779: Translatability: Get rid of exposed tt directives in authorities-search-results.inc (OPAC)

The file opac-tmpl/bootstrap/en/includes/authorities-search-results.inc
exposes template directives to translation where translators should not
be confronted with.

Example:
"[%% PROCESS showreference heading=seeals.heading linkType='seealso' "
"type=seeals.type authid=seeals.authid %%] "

To test:
- Apply patch
- Verify that Authority search in OPAC works as before
- Bonus test: create a new language 'aa-AA', verify that line above
  does not show up in aa-AA-opac-bootstrap.po

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18778 - Translatability: Get rid of tt directive in translation for item-status.inc
Marc Véron [Mon, 12 Jun 2017 05:48:57 +0000 (07:48 +0200)]
Bug 18778 - Translatability: Get rid of tt directive in translation for item-status.inc

The file opac-tmpl/bootstrap/en/includes/item-status.inc exposes a template directive where translators should not be confronted with.

"%s %s [%%#- This include takes two parameters: an item structure and an "
"optional loan (issue) structure. The issue structure is used by course "
"reserves pages, which do not use an API to fetch items that populates item."
"datedue. -%%] %s %s %s %s "

This patch fixes new lines inside a tt directive (comment).
It is merely a string patch.

To test:
Verify that the code changes make sense.
(Bonus test: create a new language 'aa-AA', verify that line above does not
show up in aa-AA-opac-bootstrap.po)

NOTE: Followed test plan similar to bug 18776 comment 3.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18777: Translatability: Get rid of exposed tt directives in opac-memberentry.tt
Marc Véron [Sun, 11 Jun 2017 18:16:46 +0000 (20:16 +0200)]
Bug 18777: Translatability: Get rid of exposed tt directives in opac-memberentry.tt

The file opac-memberentry.tt exposes template directives to translation where
translators should not be confronted with.

Example from po file:
"%s [%% UNLESS hidden.defined('B_address') && hidden.defined('B_address2') && "
"hidden.defined('B_city') && hidden.defined('B_state') && hidden."
"defined('B_zipcode') && hidden.defined('B_country') && hidden."
"defined('B_phone') && hidden.defined('B_email') && hidden."
"defined('contactnote') %%] "

To test:
- Apply patch
- Verify that advanced search in OPAC the page 'your personal details'
  behaves as before
- Verify that you can change values and submit an update request
- Create a new translation for a 'language' aa-AA (perl translate create aa-AA)
- Verify that template directives ar no longer exposed in aa-AA-opac-bootstrap.p

NOTE: Followed test plan similar to bug 18776 comment 3.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18776: Translatability: Get rid of exposed tt directives in opac-advsearch.tt
Marc Véron [Sun, 11 Jun 2017 14:54:28 +0000 (16:54 +0200)]
Bug 18776: Translatability: Get rid of exposed tt directives in opac-advsearch.tt

The file opac-advsearch.tt exposes template directives to translation where translators should not be confronted with.
Example in po file:
"[%% IF ( ( OpacAdvSearchOptions and OpacAdvSearchOptions.grep('itemtype')."
"size > 0 and not expanded_options ) or ( OpacAdvSearchMoreOptions and "
"OpacAdvSearchMoreOptions.grep('itemtype').size > 0 and expanded_options ) ) "
"%%] "

To test:
- Apply patch
- Verify that advanced search in OPAC behaves as before
- Create a new translation for a 'language' aa-AA (perl translate create aa-AA)
- Verify that template directives ar no longer exposed in aa-AA-opac-bootstrap.po

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18754: [QA Follow-up] Tiny corrections
Marcel de Rooy [Fri, 4 Aug 2017 14:44:51 +0000 (16:44 +0200)]
Bug 18754: [QA Follow-up] Tiny corrections

Converted one INCLUDE directive to PROCESS; we are not changing variables here. (The PROCESS directive is slightly faster than INCLUDE because it avoids the need to localise (i.e. copy) the variable stash before processing the template.)

Removed one vim inserted letter i.

Error in [% IF ( XISBN.publicationyear ) _ ', ' _ XISBN.publicationyear %][% END %] The concatenation became part of the condition.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18754: Translatability: Get rid of exposed tt directives in opac-detail.tt
Marc Véron [Fri, 9 Jun 2017 13:43:36 +0000 (15:43 +0200)]
Bug 18754: Translatability: Get rid of exposed tt directives in opac-detail.tt

The file opac-detail.tt exposes a lot of template directives to translation where translators should not be confronted with.

Some examples from po file are:

$[% SUBFIELD.code %] [% SUBFIELD.value %]

%s [%% INCLUDE \"openlibrary-readapi.inc\" bib = { normalized_isbn => "
"normalized_isbn, lccn => lccn, normalized_oclc => normalized_oclc } %%]

See: [% IF ( nextTitle ) %][% nextTitle |html %][% ELSE %]next biblio[% END "
"%]

To test:
- Apply patch
- Do a search in OPAC that has more than 1 results
- Go to the detail page of one of the items found
- Verify that the details display as before and that you can
  browse the results with Previous and Next
- In staff client, change OPACXSLTDetailsDisplay from 'default' to
  empty for "no xslt" and repeat steps above
- In staff client, set HTML5MediaEnabled to 'OPAC' or 'OPAC and staff client'
- Verify that media catalogued in field 856 still work
- Create a new translation for a 'language' aa-AA (perl translate create aa-AA)
- Verify that template directives ar no longer exposed in aa-AA-opac-bootstrap.po

Followed test plan which works as intended

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18660: Translatability: Get rid of template directives [%% in translation for...
Marc Véron [Tue, 23 May 2017 15:09:49 +0000 (17:09 +0200)]
Bug 18660: Translatability: Get rid of template directives [%% in translation for patroncards-errors.inc

Translation for koha-tmpl/intranet-tmpl/prog/en/includes/patroncards-errors.inc
contains a lot of (partial) template directives like:
%%]%s %sLayout: [%%

This patch fixes it

To test:
- Verify that code changes make sense
- Apply patch
- Create a translation (cd misc/translator , then: perl translate create aa-AA
- Verify that in po/aa-AA-staff-prog.po contains no fragments like %%] or [%%
  for patroncards-errors.inc
- Try to get an error: Try a link like
  http://[YOUR SERVER]/cgi-bin/koha/patroncards/create-pdf.pl?batch_id=1&template_id=999&layout_id=999&start_card=1
  ...where template_id and layout_id do not exist

(Amended for comment #2 2017-06-05 mv)
(Amended for comment #6 2017-08-02 mv)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18687: Translatability: abbr tag should not contain lang attribute
Marc Véron [Sun, 28 May 2017 07:34:21 +0000 (09:34 +0200)]
Bug 18687: Translatability: abbr tag should not contain lang attribute

In manage-marc-import.tt, we have an abbreviation:

<abbr title="Differences between the original biblio and the imported" lang="en">Diff</abbr>

In translations (e.g. German), the line appears as follows:
<abbr title="Unterschiede zwischen Originaltitelsatz und importiertem Titelsatz" lang="en">Diff</abbr>

The lang attribute is wrong here, it is still "en".
The text language is the same as defined at the top of the page - or with other
words, the lang tag is superfluous.

This patch removes it.

To test:
Verify that code change makes sense.

Passes QA test and the change is logical
Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18654 - Translatability: Get rid of tt directives starting with [%% in translatio...
Marc Véron [Thu, 29 Jun 2017 13:22:54 +0000 (15:22 +0200)]
Bug 18654 - Translatability: Get rid of tt directives starting with [%% in translation for itemsearch.tt

This patch removes entries like the following in translations of itemsearch.tt:
"[%% INCLUDE form_field_select name=\"homebranch\" options = branches "
"empty_option = \"All libraries\" %%] [%% INCLUDE form_field_select name="
"\"holdingbranch\" options = branches empty_option = \"All libraries\" %%] %s "
"[%% INCLUDE form_field_select name=\"location\" options = locations "
"empty_option = \"All locations\" %%] %s "

New patch on top of Bug 18633 that resolves parts of initial comment.

To test:
- Verify that in itemsearch.tt no tt directives are splitted by new lines
  (search for [% INCLUDE )
- Verify that itemsearch.tt works as before

Followed test plan and verified that tt directives are not split by new
lines, the changes to the fieldset tags in comment 3 have been removed
and itemtype.tt still works correctly as before

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18652: Get rid of tt directive in translation for uncertainprice.tt
Marc Véron [Mon, 22 May 2017 19:09:06 +0000 (21:09 +0200)]
Bug 18652: Get rid of tt directive in translation for uncertainprice.tt

Translation tool shows toe following for ncertainprice.tt
0; url=[% scriptname %]?booksellerid=[% booksellerid %]

This patch fixes it.

To test:
- Apply patch
- Verify that code change makes sense
- Verify that Home > Acquisitions > [vendor] > Uncertain prices for [vendor]
  works as before

- Additional test (for a langunage 'aa-AA')
  perl translate create aa-AA
  verify that line 41 no longer appears in aa-AA-staff-prog.po

Amended to switch from BLOCK to a template variable, see comment #5

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18649: Translatability: Get rid of tt directive in translation for admin/categori...
Marc Véron [Fri, 4 Aug 2017 08:52:13 +0000 (10:52 +0200)]
Bug 18649: Translatability: Get rid of tt directive in translation for admin/categories.tt and onboardingstep2.tt

New patch without trailing IF construction in tt directives as
requested in comment #28

To test: Verify that translation tool no longer shows tt directives as
described in comment #1

New patch, needs SO.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18629: (followup) Plain text "Continue..." instead of BLOCK
Marc Véron [Wed, 14 Jun 2017 07:02:59 +0000 (09:02 +0200)]
Bug 18629: (followup) Plain text "Continue..." instead of BLOCK

Remove
[% BLOCK txt_continue %]Continue to the next step[% END %]
...and restore original text

See comment #19 and comment #20

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18629 - Translatability: Fix problems with web installer 17.05
Marc Véron [Fri, 26 May 2017 11:32:06 +0000 (13:32 +0200)]
Bug 18629 - Translatability: Fix problems with web installer 17.05

The new web installer for 17.05 has a great new design - but it has a lot of
translatability issues. Some strings are not picked for translations,
some expose the content of tt directives, and others are splitted by
html tags, resulting in small text fragments that are not easy to translate.

This patch weeds out such translation problems for step1.tt, step2.tt and
step3.tt

To test:
- Apply patch (on top of Bug 18665 because of html tags inside of
  tt directives in step2.tt)
- Prepare a fresh install (drop database, create database)
- Walk through the installation process and verify that it works as before
- Verify that string changes (in English) make sense
- Create a translation( cd misc/translator, then perl translate create aa-AA)
  then: vim po/aa-AA-staff-prog.po and search for: /installer\/step
  Verify that strings for step1.tt, step2.tt, step3.tt are not fragmented,
  do not contain [%%, and are easily translatable (make sense without having
  to search in source files for context).

(Amended to remove some superfluous chomps 2017-06-27 mv)

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17807: [Follow-up] Use marcxml for marc21 prefix
Marcel de Rooy [Tue, 6 Jun 2017 11:31:29 +0000 (13:31 +0200)]
Bug 17807: [Follow-up] Use marcxml for marc21 prefix

Not sure what happened here, but this is an easy fix.

Test plan:
Try oai.pl with marcxml, marc21 and oai_dc again.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17807: Use XSLT_Handler in Koha::OAI
Marcel de Rooy [Wed, 21 Dec 2016 14:03:18 +0000 (15:03 +0100)]
Bug 17807: Use XSLT_Handler in Koha::OAI

Replacing some code in the OAI modules by a call to an existing module.
Note that the xmldoc format is used in the transform call to get a xml
document object.

The stylesheet method of Repository now only returns the name of the xsl
file to be used instead of a cached xslt object. Similar functionality
inside XSLT_Handler is used when calling transform.

Note: We still lack unit tests in this area. I did not see the need for
adding something for stylesheet since it only returns a simple string.
The other change is made in Record::new; there are no tests for this
module yet and the heart of the change here is actually tested already
in XSLT_Handler.t.

Note: I benchmarked calls to Repository in the old and the new situation
and did not see significant changes.

Test plan:
[1] Run t/db_dependent/OAI/Server.t
[2] Run oai.pl with ListRecords and marcxml.
[3] Run oai.pl with ListRecords and oai_dc.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17807: Add format parameter to XSLT_Handler->transform
Marcel de Rooy [Wed, 21 Dec 2016 14:50:31 +0000 (15:50 +0100)]
Bug 17807: Add format parameter to XSLT_Handler->transform

Format may be chars (default), bytes or xmldoc.
Note: xmldoc is a XML::LibXML document object.
Since the default is chars, this does not affect current use.

Note: The format parameter (xmldoc) will be used later in one of the OAI
modules to prevent duplicated xml parsing.

Test plan:
Run t/db_dependent/XSLT_Handler.t

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17969: (QA followup) Add POD
Tomas Cohen Arazi [Mon, 7 Aug 2017 15:05:54 +0000 (12:05 -0300)]
Bug 17969: (QA followup) Add POD

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 17969: Refactor the way <<items.content>> is generated
Jonathan Druart [Thu, 19 Jan 2017 19:11:21 +0000 (20:11 +0100)]
Bug 17969: Refactor the way <<items.content>> is generated

<<items.content>> is generated 4x in advance_notices.pl and once in
overdue_notices.pl
It would be better to have it in C4::Letters.
It will enforce the fact that it already has the same behavior, make it
testable and reusable.

Test plan:
Use the <<items.content>> tag for advance and overdue notices.
The generated notices must be the same as before this patch.

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19025: Remove C4::Reserves::GetReserveInfo
Jonathan Druart [Wed, 2 Aug 2017 14:52:11 +0000 (11:52 -0300)]
Bug 19025: Remove C4::Reserves::GetReserveInfo

Test plan:
  git grep GetReserveInfo
should not return results

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19025: Move GetReserveInfo to Koha::Holds
Jonathan Druart [Wed, 2 Aug 2017 14:49:08 +0000 (11:49 -0300)]
Bug 19025: Move GetReserveInfo to Koha::Holds

This subroutine is only used once and can be replaced with a call to
Koha::Holds->find
It will avoid unnecessary joins.

Test plan:
- Define a HOLD_SLIP template notice using fields from the tables
reserves, branches, borrowers, biblio, biblioitems and items.
- Generate one and make sure the values are correctly filled

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19088: plugins-upload causes error log noise
Lee Jamison [Fri, 11 Aug 2017 18:58:53 +0000 (18:58 +0000)]
Bug 19088: plugins-upload causes error log noise

After uploading a plugin the error log indicates
use of uninitialized value in $op. This patch
silences the noise.

To test:
1) Set <enable_plugins> to 1 (one) in koha-conf.xml.
2) Set the UseKohaPlugins system preference to 'Enable'.
3) Navigate to Administration -> Manage plugins.
4) Install the test plugin KPZ file attached to this bug.
5) Notice the uninitialized value noise in the error log.
6) Uninstall the plugin (plack restart may be required if plack is
    enabled).
7) Apply patch.
8) Install the plugin again.
9) Notice no noise in the error log.
10) Run qa tools.
11) Run prove t/db_dependent/Plugins.t

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19205 - Pay selected fine generates 500 error
Kyle M Hall [Wed, 30 Aug 2017 13:37:48 +0000 (09:37 -0400)]
Bug 19205 - Pay selected fine generates 500 error

Using the pay selected option from the borrowers account, to pay for one specific fine among other gives a 500 error, despite the payment going through.

Test Plan:
1) Add two fines using the Create manual invoice function.
2) Select one fine and "pay selected".
3) Pay a part of the amount.
4) Note error
5) Apply this patch
6) Repeat steps 1-3
7) No error!

Signed-off-by: Andreas Hedström Mace <andreas.hedstrom.mace@sub.su.se>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18537 - Update Ukrainian installer sample files for 17.05
Serhij Dubyk {Сергій Дубик} [Wed, 23 Aug 2017 14:15:17 +0000 (17:15 +0300)]
Bug 18537 - Update Ukrainian installer sample files for 17.05

Update and translate sample SQL files of the Ukrainian installer.

To test:
- Start with an empty database
- Install uk-UA
- Run the web installer in uk-UA/Ukrainian
- Verify all files load without any problems.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19035 - Stored XSS in lists.pl
Amit Gupta [Tue, 15 Aug 2017 03:03:41 +0000 (08:33 +0530)]
Bug 19035 - Stored XSS in lists.pl

To Test
1. Hit the page /cgi-bin/koha/patron_lists/lists.pl
2. Click on new patron list
3. Add a text in the field Name that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed in both the pages list.pl and list.pl?patron_list_id=xx
xx is patronlist id

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19114 - Stored XSS in parcels.pl
Amit Gupta [Tue, 15 Aug 2017 15:28:34 +0000 (20:58 +0530)]
Bug 19114 - Stored XSS in parcels.pl

Test
1. Hit the page /cgi-bin/koha/acqui/parcels.pl?booksellerid=xx
   xx is booksellerid
2. Add a text in the field Vendor invoice that contains java script
3. Save the page.
4. Notice js is execute
5. Apply patch and reload the js is escaped

Fixed XSS for parcels.pl/parcel.pl/orderreceive.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19112 - Stored XSS in basketheader.pl page
Amit Gupta [Tue, 15 Aug 2017 14:21:48 +0000 (19:51 +0530)]
Bug 19112 - Stored XSS in basketheader.pl page

To Test

1. Hit the page /cgi-bin/koha/acqui/basketheader.pl?booksellerid=1&op=add_form
2. Add a text in the field Basket name, Internal note, Vendor note that contains java script
3. Save the page
4. Notice js is execute
5. Apply patch, reload, js is escaped.

Fixed XSS on pages basket.pl/basketheader.pl/bookseller.pl

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19110 - XSS Stored in branches.pl
Amit Gupta [Tue, 15 Aug 2017 09:30:55 +0000 (15:00 +0530)]
Bug 19110 - XSS Stored in branches.pl

To Test
1. Hit the page /cgi-bin/koha/admin/branches.pl?op=add_form_category
2. Add a text in the field Name and description that contains js.
3. Save the page.
4. Notice js is execute
5. Apply patch and reload, the js is escaped

Fixed for js escaped execute for both pages

1. /cgi-bin/koha/admin/branches.pl?op=delete_confirm&branchcode=xx
   xx is branchcode
2. /cgi-bin/koha/admin/branches.pl?op=add_form with Group(s):

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19100 - XSS Flaws in memberentry.pl
Amit Gupta [Tue, 15 Aug 2017 17:52:32 +0000 (23:22 +0530)]
Bug 19100 - XSS Flaws in memberentry.pl

1. Hit /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/members/memberentry.pl?op=add&guarantorid=xx<script>alert('amit')</script>
   xx - is a guarantorid.
5. Notice it is no longer executed.

NOTE: I had to test in Microsoft Edge, because Chrome was blocking XSS for me.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19105 - XSS Stored in holidays.pl
Amit Gupta [Tue, 15 Aug 2017 03:53:13 +0000 (09:23 +0530)]
Bug 19105 - XSS Stored in holidays.pl

To Test
1. Hit the page /cgi-bin/koha/tools/holidays.pl
2. Select the date
3. Add a text in the field Title and Description that contains js
4. Save the page.
5. Notice js is execute
6. Apply patch and reload, the js is escaped

Fixed for all holidays

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 16069 - XSS issue in basket.pl page
Amit Gupta [Tue, 15 Aug 2017 17:28:02 +0000 (22:58 +0530)]
Bug 16069 - XSS issue in basket.pl page

1. Hit /cgi-bin/koha/acqui/basket.pl?basketno=xx<script>alert('amit')</script>
   xx - is a basketno
2. Notice the java script is executed.
3. Apply patch.
4. Reload page, and hit the page again /cgi-bin/koha/acqui/basket.pl?basketno==xx<script>alert('amit')</script>
   xx - is a basketno.
5. Notice it is no longer executed.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19079 - XSS Flaws in Membership page
Amit Gupta [Fri, 11 Aug 2017 15:38:14 +0000 (21:08 +0530)]
Bug 19079 - XSS Flaws in Membership page

1. Hit /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber
2. Notice the java script is executed.
4. Apply patch.
5. Reload page, and hit the page again /cgi-bin/koha/members/moremember.pl?borrowernumber=xx<script>alert('amit')</script>.
   xx - is a borrowernumber.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19033: XSS Flaws in Currencies and exchange page
Amit Gupta [Fri, 4 Aug 2017 04:14:52 +0000 (09:44 +0530)]
Bug 19033: XSS Flaws in Currencies and exchange page

1. Hit /cgi-bin/koha/admin/currency.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search currencies box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on search currencies box.
6. Notice it is no longer executed

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Fixes the issue, follows common practice on the codebase.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19034: (followup 2) Fix letters.tt XSS flaw
Jonathan Druart [Tue, 15 Aug 2017 16:26:12 +0000 (13:26 -0300)]
Bug 19034: (followup 2) Fix letters.tt XSS flaw

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19034: (followup) Fix letters.tt XSS flaw
Tomas Cohen Arazi [Mon, 7 Aug 2017 14:27:33 +0000 (11:27 -0300)]
Bug 19034: (followup) Fix letters.tt XSS flaw

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19034: XSS Flaws in Z39.50/SRU servers administration
Amit Gupta [Fri, 4 Aug 2017 05:11:49 +0000 (10:41 +0530)]
Bug 19034: XSS Flaws in Z39.50/SRU servers administration

1. Hit /cgi-bin/koha/admin/z3950servers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search Z39.50/SRU servers box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search Z39.50/SRU servers box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19034: XSS Flaws in Cities
Amit Gupta [Fri, 4 Aug 2017 05:08:12 +0000 (10:38 +0530)]
Bug 19034: XSS Flaws in Cities

1. Hit /cgi-bin/koha/admin/cities.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search cities box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search cities box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19034: XSS Flaws in Patron categories pages
Amit Gupta [Fri, 4 Aug 2017 05:04:19 +0000 (10:34 +0530)]
Bug 19034: XSS Flaws in Patron categories pages

1. Hit /cgi-bin/koha/admin/categories.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> search patron categories box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on search patron categories box.
6. Notice it is no longer executed.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19050 - XSS Flaws in Quick spine label creator
Amit Gupta [Mon, 7 Aug 2017 15:19:56 +0000 (20:49 +0530)]
Bug 19050 - XSS Flaws in Quick spine label creator

1. Hit /cgi-bin/koha/labels/spinelabel-home.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> barcode text box.
3. Notice the iframe is executed
4. Apply patch
5. Reload page, and enter iframe again on barcode text box.
6. Notice it is no longer executed

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19051 - XSS Flaws in - Batch item modification page
Amit Gupta [Mon, 7 Aug 2017 16:13:56 +0000 (21:43 +0530)]
Bug 19051 - XSS Flaws in - Batch item modification page

1. Hit /cgi-bin/koha/tools/batchMod.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19051 - XSS Flaws in Batch item deletion page
Amit Gupta [Mon, 7 Aug 2017 15:54:44 +0000 (21:24 +0530)]
Bug 19051 - XSS Flaws in Batch item deletion page

1. Hit /cgi-bin/koha/tools/batchMod.pl?del=1
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Barcode list (one barcode per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Barcode list (one barcode per line) text area.
6. Notice it is no longer executed.
7. Fixes for both barcode and itemnumber.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19051 - XSS Flaws in - Batch record deletion page
Amit Gupta [Mon, 7 Aug 2017 15:38:36 +0000 (21:08 +0530)]
Bug 19051 - XSS Flaws in - Batch record deletion page

1. Hit /cgi-bin/koha/tools/batch_delete_records.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in the Record number list (one per line) text area.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Record number list (one per line) text area.
6. Notice it is no longer executed.
7. Fixes for both biblio and authority records.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19052 - XSS Flaws in - Invoice search page
Amit Gupta [Mon, 7 Aug 2017 16:47:14 +0000 (22:17 +0530)]
Bug 19052 - XSS Flaws in - Invoice search page

1. Hit /cgi-bin/koha/acqui/invoices.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Invoiceno,
   ISBN/EAN/ISSN, Title, Author, Publihser, Publication year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19052 - XSS Flaws in vendor search page
Amit Gupta [Mon, 7 Aug 2017 16:34:30 +0000 (22:04 +0530)]
Bug 19052 - XSS Flaws in vendor search page

1. Hit /cgi-bin/koha/acqui/booksellers.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> vendor search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on vendor search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19054 - XSS Flaws in Report - Top Most-circulated items
Amit Gupta [Mon, 7 Aug 2017 17:04:05 +0000 (22:34 +0530)]
Bug 19054 - XSS Flaws in Report - Top Most-circulated items

1. Hit /cgi-bin/koha/reports/cat_issues_top.pl
2. Enter <IFRAME SRC="javascript:alert('XSS');"></IFRAME> in Callnumber, Day, Month, Year search box.
3. Notice the iframe is executed.
4. Apply patch.
5. Reload page, and enter iframe again on Callnumber, Day, Month, Year search box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 19078 - XSS Flaws in System preferences
Amit Gupta [Thu, 10 Aug 2017 16:21:38 +0000 (21:51 +0530)]
Bug 19078 - XSS Flaws in System preferences

1. Hit /cgi-bin/koha/admin/preferences.pl
2. Enter <script>alert('amit')</script> in search system preferences box.
3. Notice the java script is executed.
4. Apply patch.
5. Reload page, and enter <script>alert('amit')</script> in search system preferences box.
6. Notice it is no longer executed.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
7 years agoBug 18726: Fix XSS at the OPAC - biblionumber
Jonathan Druart [Wed, 9 Aug 2017 17:08:24 +0000 (14:08 -0300)]
Bug 18726: Fix XSS at the OPAC - biblionumber

The biblionumber parameter is sent by the user, we must escape all of
them to avoid XSS.

Fixes: Cross-site scripting OPAC pages
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>