Jonathan Druart [Tue, 2 Aug 2016 15:03:37 +0000 (16:03 +0100)]
Bug 16800: Fix XSS in catalogue/*detail.tt - author
Test plan:
catalogue a bibliographic record with a author=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 3169434cfa7295025e4ff5fea58f7e9730a96650) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 4ab091d3bfd2c6659320cbe80d35b805cff3aa4e) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Tue, 2 Aug 2016 15:02:07 +0000 (16:02 +0100)]
Bug 16800: Fix XSS in catalogue/*detail.tt - title
Test plan:
catalogue a bibliographic record with a title=
</title><script>alert('XSS')</script>
Go on the detail pages.
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
This of course means that any html in the title will no longer be
evaluated. :
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 515208d5ec308ade967efe04388bbedbf5f2b057) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit c27216cce84fe07c962a8878be51025c9fe0aace) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 17262: Inject MEMCACHED_* variables into Plack's env
This patch adds two functions to koha-functions.sh to read the
MEMCACHED_* variables from configured instances' apache files (the only
source for that info for now).
It then tweaks koha-plack's start_plack() function so it exports the
variables to env before launching starman.
The patch seems trivial, but it highlights a bigger problem with our
Plack integration as the starman server seems to hang if those
environment variables are defined!
Sponsored-by: ByWater Solutions Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 29df6161ef24e29984d5379640faad24d0e73161) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Magnus Enger [Thu, 8 Sep 2016 13:10:33 +0000 (15:10 +0200)]
Bug 17266 - Update man page for koha-remove with -p
Bug 9754 added the -p|--purge-all option to koha-remove, but this
was not documented in the man page. This patch fixes that.
To test:
Run these commands and look at the formatted man page:
$ xsltproc /usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl \
debian/docs/koha-remove.xml
$ man -l koha-remove.8
Make sure this test passes:
$ prove -v xt/verify-debian-docbook.t
Signed-off-by: Liz Rea <liz@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a5806c21d0ab58cf2879cb26b1fe52ba4e4c2139) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 78ab4814f040dccca2b6db7da2cab7164b49ff90) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Kyle M Hall [Wed, 23 Jul 2014 16:43:54 +0000 (12:43 -0400)]
Bug 12629 - Software error when trying to merge records from different frameworks
Test Plan:
1) Choose a bib record that has the default framework.
2) Add a second record using that fast add framework.
3) Merge the records; switch to "Using framework: Default", and choose the original record (i.e. the one that had the default framework) as the merge reference. Clicking 'Next' will trigger the error.
4) Apply this patch
5) Repeat steps 1 - 3, no error should occur
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e8fcc651a3aa9af9d1a49a6cec64fc9bde737a86) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 0b4d68f0601a494c00b19d14c5af970ff04a0122) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 16556 - KohaToMarcMapped columns sharing same field with biblio(item)number are removed.
REPLICATE ISSUE:
1. Map biblio.frameworkcode to 999$b
2. Map biblio.biblionumber to 999$c
3. Add a record with something in 999$b
4. 999$b is removed by C4::Biblio::AddBiblio()
After this patch, the field used by biblio.biblionumber or biblioitems.biblioitemnumber
is not removed and created anew, thus dropping all existing additions.
There is no point in dropping the field in any case, since we can just replace
the existing subfields in-place with no need to recreate the whole field.
UNIT TESTS INCLUDED
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a9eb4005811882da0eb5e20b52861a3c85556dff)
(cherry picked from commit 26ccb6a4809154368e02e5c147414fc7a19d31be) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Owen Leonard [Tue, 9 Aug 2016 16:56:46 +0000 (12:56 -0400)]
Bug 17010 [Follow-up] Canceling a hold awaiting pickup no longer alerts librarian about next hold
This patch makes a minor change to the markup to make the button in the
confirmation dialog conform to the appearance of similar buttons.
To test, follow the original test plan for this bug and verify that the
"OK" button in the dialog looks correct.
Signed-off-by: Liz Rea <liz@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2e79c211db318969b7c9d5ff538dfd54ba1aaed2) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit d9006fd602a8ac472bd9ce38422d82e2b65dd7ec) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Kyle M Hall [Mon, 1 Aug 2016 14:17:04 +0000 (07:17 -0700)]
Bug 17010 - Canceling a hold awaiting pickup no longer alerts librarian about next hold
In previous versions of Koha, if a hold canceled from the "Holds over" tab had other holds on it,
the librarian would be alerted with the message "This item is on hold for pick-up at your library"
and directed to check it in to fill the next hold. This no longer happens.
Test Plan:
1) Apply this patch
2) Find a hold that has been waiting too long
3) Cancel that hold via waitingreserves.pl
4) Note you get the message "This item is on hold for pick-up at your library"
5) Confirm the ok button redirects you to the correct tab
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b80a18ee2f059309a78087e48b9464d2352d444f) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 40e667cd210b57061ca771caa38a4f6a14c22268) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Fri, 12 Aug 2016 09:42:28 +0000 (10:42 +0100)]
Bug 17114: Fix XSS in picture-upload.pl
To reproduce:
1/ cp your_image.jpg 'test<svg onload=alert(1)>.jpg'
2/ Use the upload picture tool to upload this file
=> Without this patch, the alert is show
=> With this patch, the filename is correctly displayed and no alert
Note that the cardnumber var was not escaped neither, it's now.
Signed-off-by: Colin Campbell <colin.campbell@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit da03dbd458c59da0b9213efacd3425e89b453332) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 0fba9c17c9154379430119646c3571f09d986948) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 16554: rewrite mandatory and sample data - de-DE
More changes to de-DE files
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 9261fb4f5bd6fd4b25ce97de7be9262b3719544a) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit f37cbb96f2a24cc90619089033e7ec4074856a3d) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 16554: rewrite mandatory and sample data - it-IT
More changes to it-IT files
Checked marc21 and unimarc files
unimarc_relatorterms.sql had bad encoding, others minor
errors
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit be4cd79aea6908e0c3bb13b032edaf7a15d2e66e) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 6e4dbd3f9bf5dde4e700909a258d372ed008cb78) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 16554: More i18n changes - en, es, nb and pl files
Mostly fixes bad values in auth files ( '' -> 0 )
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6dc2f1ae7c8e60534b4d6dec979c96034aa17f5d) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 25e314bee58af8f0f3fdc4dcd2137378241545d2) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 16554: rewrite mandatory and sample data - pl-PL
More changes to pl-PL files
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 28191a538b8f3bed698f1e67acca156c5b64ebea) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 9d11edefeabbe509e45d8fac7064f5e106533c50) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 16554: rewrite mandatory and sample data - nb-NO
More changes to nb-NO files
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4742f1035b9748dd869653f1c608fff1408353f9) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit a05c4d11de6cf8532ff926873ce84c94cba58019) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 16554: rewrite mandatory and sample data - es-ES
More changes to es-ES files
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8cfa6f633a1be9a12a3a98524b05fae47fb4aa02) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit fd02ef7fc26945d0ffd3ed01ff3b716ebaa79270) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
This patch fix web installer for
de-DE, es-ES, fr-CA, nb-NO and pl-PL
To test:
1) Apply patch
2) Try web installer for any/all listed languages.
a) de-DE, es-ES, fr-CA and pl-PL
There must be no problems for marc21 + all sample files
b) nb-NO
There must be no problems for normarc + all sample files
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e38cad45e8ef2df88dc4a2c8345ac1d92f8dd8e8) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 884e877be398cf684988f90ea9fb42639fadcc0e) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Rewrite autorites_norme_unimarc.sql to
use only one INSERT IGNORE.
New load method complains about duplicate keys,
and both auth files are mandatory!
Also removed blank space from sample_labels.sql
Tested with unimarc_complet and all sample files.
To test
1) Apply the patch
2) Try fr-FR web installer, unimarc_complet + all sample files
There must be no errors
Don't know if fr-FR marc21 and unimarc_lecture_pub are used,
need a look from french users.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b5ae31e7fdcdd932d1475e30fa73fba15c2b2815) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit ad9d0a3beb612cf69bf80d4ca5f1cbbd05641efd) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
1. Home > MARC Framework > Default > Actions > MARC structure
2. On 073 field (for example), click Edit
3. Click on Edit subfield button
4. Click on Save changes
5. Take a look in intranet logs. You find:
Use of uninitialized value in string eq at
../admin/marc_subfields_structure.pl
6. Apply the patch, and repeat steps 3-5
=> no more warning in log
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 259679e9dece15b69b216b8e39f8e4ebd0b58800) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit cdf0c5dc16de28d9b8df1858aa0d0139a425b86f) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Andreas Roussos [Fri, 9 Sep 2016 16:46:33 +0000 (19:46 +0300)]
Bug 16311 - Advanced search language limit typo
In the OPAC -> Advanced Search, the Language drop down menu incorrectly
lists Romanian as "Român (Romanian)" while the correct value (as reported
by Barry Cannon) is "Română (Romanian)".
This patch fixes that:
a) for _new_ installations by modifying
installer/data/mysql/mandatory/subtag_registry.sql (loaded by the web
installer when koha is installed), and also
b) for _existing_ installations by adding an atomicupdate file in
installer/data/mysql/atomicupdate/
Test plan:
1) In the OPAC, go to Advanced search (cgi-bin/koha/opac-search.pl).
2) In the 'Language' drop down menu, observe that the value for Romanian
is "Român (Romanian)".
3) Apply the patch, and run installer/data/mysql/updatedatabase.pl.
4) Refresh the Advanced search page in the OPAC. Confirm that the patch
worked, i.e. the Language drop down menu lists Romanian as
"Română (Romanian)" (notice the added 'ă').
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fc9279774f69e8eb10e9d26202b43252fc777f28) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit eceb09a8a3a96d3481de62464e5f95c1aea8d548) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 6852: Staged import reports wrong success for items
If we import items that have a wrong branch code, the items will not
be imported but manage-marc-import reports them as imported. (A wrong
branch code probably occurs most, but other causes are possible too.)
The underlying cause is that AddItem does not look at the error
returned from _koha_new_item in Items.pm.
This patch deals with that omission in the most economical way. It adjusts
AddItem so that it returns undef if no item was added.
In ImportBatch.pm I check if an item was added and adjust the totals
accordingly instead of just always counting them.
Note: Several scripts like additem.pl use AddItemFromMarc to call
AddItem. They do not report an error, but fail silently. With this patch,
these scripts get undef and will still fail silently. (No change.)
Adding error checks around calls of AddItemFromMarc is outside the scope of
this report. Here we are taking care of correct imported item numbers.
Test plan:
[1] Verify that additem.pl still works by adding a new item.
[2] Run t/db_dependent/Items.t
[3] Add a new branchcode, say XXX.
[4] Pick a biblio record with a few items (n) and set one item to branch XXX.
[5] Export this biblio with items to a MARC file.
[6] Change the XXX item to the original branch and remove branch XXX.
[7] Import the MARC file. Verify that one item was not imported and that
the number of imported items reflects that (equals n-1).
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 48aba1533c7c55ed0f4b9e528ceccc9e0dd3d795) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 9aee97978e3edc949d1827d7aeaf75df58e4f9e9) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
To test:
1) Go to Serials
2) Click Advanced Search in the toolbar at the top
3) Notice heading says Serials subscriptions (0 found) before a search has even happened
4) Apply patch and click Advanced Search again
5) Heading should now say Serials subscriptions search
6) Submit search
7) Heading should say how many subscriptions your search found (like before)
Sponsored-by: Catalyst IT Signed-off-by: Marc <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 031219935c41643734de7836ed86b59ed6be5fd1) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 65b9766a0a3f1a3e9cdb19ea3c4223ab1cac6828) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Lee Jamison [Mon, 29 Aug 2016 20:24:49 +0000 (16:24 -0400)]
Bug 17220: Change hold confirmation string from 'Place hold' to 'Confirm hold'
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 80981941256bab8ea5f921b7411d254c918e6b3a) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit b3dd22c09bcf68b3b2b7e1c7c3b9d63dffa4ab60) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 16822: Make koha-common call koha-plack without --quiet
This patch removes the --quiet option switch in koha-common.init so
problem information is not hidden for sysadmin users.
To test:
- Have plack enabled for a koha instance:
$ sudo koha-plack --enable kohadev
$ sudo koha-plack --start kohadev
- Run:
$ cd kohaclone
$ debian/koha-common.init {start|stop|restart}
=> SUCCESS: No behaviour change
- Disable the 'cgi' apache module:
$ sudo a2dismod cgi
- Run:
$ debian/koha-common.init {start|stop|restart}
=> FAIL: No warning is shown
- Apply the patch
- Run:
$ debian/koha-common.init {start|stop|restart}
=> SUCCESS: Warnings show up
- Sign off :-D
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Perfect thanks :)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit eaa11da5624f308768c4eb2c7016b5cd32c35fb1) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 14cec5d6b9e680b30743f78dca87251d31df3c93) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Magnus Enger [Thu, 8 Sep 2016 12:55:58 +0000 (14:55 +0200)]
Bug 17267 - Document koha-create --adminuser
A description of --adminuser was missing from debian/docs/koha-create.xml
This patch adds a description in the Options section, as well as under
DEFAULTSQL in the list of configuration variables.
To test:
Run these commands and look at the formatted man page:
$ xsltproc /usr/share/xml/docbook/stylesheet/docbook-xsl/manpages/docbook.xsl \
debian/docs/koha-create.xml
$ man -l koha-create.8
Make sure this test passes:
$ prove -v xt/verify-debian-docbook.t
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
Edited commit message to fix typo - koha-mysql -> koha-create as that's what we're testing. :)
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f31d3175b3f00dde49fced00e169cd2ea3cabcf5) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit df2e2ff2235cb141b1d84a10b74796e715bcbef6) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Hector Castro [Wed, 31 Aug 2016 19:33:53 +0000 (13:33 -0600)]
Bug 17152: Do not copy value when duplicating a subfield
When cataloguing, if you want to duplicate a subfield that is not
empty, the new subfield is created with a copy of data in it.
This is not the case when you duplicate an whole field. The new one is
created with subfields but without data in it.
Test plan:
Add or edit a bibliographic record
Fill a subfield
Duplicate the subfield
=> Without this patch the value of the input will be copied
=> With this patch the new input will be emptied
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 451fd67dd15b967471983c7c8dc601e0d1f65228) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 71b81ae6d63089fc22a24157942426346d54c034) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jacek Ablewicz [Thu, 1 Sep 2016 16:13:50 +0000 (18:13 +0200)]
Bug 17072: 006 not filling in with existing values
When you use the 006 builder to view the existing values in the 006
tag, Koha is not pulling these existing values into the builder
window. Instead, Koha appears to be using defaults.
To reproduce:
1. Open a record in the editor
2. Switch from BKS to another material type.
3. Change as many settings as possible.
4. Close plugin.
5. Reopen plugin - notice your selections are not shown.
Trivial patch, heavilly inspired by Bug 9093.
To test:
1. Apply patch
2. Ensure that issue described above is no longer reproductible
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a1fd726157c5857ecde1b66e79284f48142be7e5) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit b473e0791f97f731c4639de76905b4a8f592c928) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Aleisha Amohia [Wed, 24 Aug 2016 00:16:43 +0000 (00:16 +0000)]
Bug 17175: Typo in patron card images error message
To test:
1) Go to Tools -> Patron Card Creator -> New Image
2) Click Upload without attaching anything
3) Notice typo
4) Apply patch and refresh page (resend information if prompted)
5) Notice typo fixed
Sponsored-by: Catalyst IT Signed-off-by: Claire Gravely <claire_gravely@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ea13ea00830a8061842fa13b6110e0a4e75aa444) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 2279c2b64e1c26c5221d92727e3f4d7c0bfe1b9a) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Andreas Roussos [Wed, 24 Aug 2016 14:10:29 +0000 (17:10 +0300)]
Bug 17185: Staff client shows "Lists that include this title:" even if item is not in a list
In the staff client, the text "Lists that include this title:"
is always shown, regardless of whether the item is in a list
or not. This patch fixes that.
Test plan:
1) Log in to staff client.
2) Go to biblio details view:
/cgi-bin/koha/catalogue/detail.pl?biblionumber=X
Confirm that "Lists that include this title:" is
shown even if the item is not in a list.
3) Apply the patch.
4) Repeat step 2. Confirm that the patch works, i.e.
"Lists that include this title:" is only shown
for biblios that are actually in a list.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Only applies to non-XSLT view.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit add90157eb859143dc782fded4b00a47a39d8abe) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 551067f89c251420c6704ec262e4915782105c47) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Marcel de Rooy [Wed, 17 Aug 2016 13:14:12 +0000 (15:14 +0200)]
Bug 16809: Follow-up for scalarizing biblionumber
Still resolves another multi_param warning.
Test plan:
Look at your logs before and after this patch when saving a biblio
record (you may have to start plack again).
If your biblionumber is mapped to 999c, you should no longer have a warn
about line 2563 (disclaimer: line numbers are subject to change).
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 377feb9cdf5b4d490dee7640b50c374e28f4550f) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit b7b48eda3f973c9eee3b91d024c04c78c2ddb547) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Most of the floodiness is caused by accessing the cgi parameters
in a context which is hard to determine. By purposefully saving
the value to a scalar variable and using the variable, the issue
disappears, and it will likely be a tiny tad faster as variable
access is faster than multiple function calls.
TEST PLAN
---------
1) Back up your intranet error log
-- for example:
cp ~/koha-dev/var/log/koha-error-log ~/koha-error-log.backup
2) Blank your intranet error log
-- for example:
echo > ~/koha-dev/var/log/koha-error-log
3) Log into your staff client
4) Click 'Authorities'
5) Click 'New from Z39.50'
5) Type 'Seuss' into 'Name (any):' and press enter
6) Click 'Import' beside the first link
7) Click 'Save'
8) Check your koha-error-log
-- floody!
9) Apply patch
10) repeat steps 2-8
-- blank!
11) restore your intranet error log
-- for example:
mv ~/koha-error-log.backup ~/koha-dev/var/log/koha-error-log
12) run koha qa test tools
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested with addbiblio.pl. I would have preferred the scalar option in terms
of simpler code, but this works too.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 28ad0ab51321955878082d363be2210589a8261f) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 4cabeda007ddb062f60a2c05f69f29a919acbcdf) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Conflicts:
C4/Biblio.pm
Owen Leonard [Thu, 18 Aug 2016 17:08:33 +0000 (13:08 -0400)]
Bug 14612 - Overdue notice triggers should show branchname instead of branchcode
This patch adds the Branches template plugin to the overdue notice
triggers template so that the library name can be shown instead of the
branchcode.
Also changed: Updated page title to match the name used in tools menus.
To test, apply the patch and go to Tools -> Overdue notice/status
triggers.
- Select a library.
- When the page reloads, the 'Defining overdue actions for...' and
'Rules for overdue actions: ' headings should show the library name
instead of the branchcode.
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ead7b938d8da426798eb7337aa1b623fa545da5c) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit b711695552e293ddf8f649b12122297c688ced73) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Conflicts:
koha-tmpl/intranet-tmpl/prog/en/modules/tools/overduerules.tt
Jonathan Druart [Tue, 23 Aug 2016 13:17:53 +0000 (14:17 +0100)]
Bug 16464: Add FIXME
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 931ed0ec9bbad4baa18547d361e2bed52140b637) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 41f7626fe591a46d790b65c39aead7e28157dfad) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Owen Leonard [Tue, 9 Aug 2016 13:49:33 +0000 (09:49 -0400)]
Bug 16464 - If a patron has been discharged, show a message in the OPAC
This patch adds a message to the patron home page in the OPAC to be
shown if the user is restricted because of a discharge.
To test, apply the patch and log into the OPAC as a patron who has been
discharged.
- You should see a message which says so, including a link to
the discharge notice.
- Log in to the OPAC as a patron with a manual restriction and confirm
that the correct notice is displayed.
Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e67fc1806cbcb9fbe038b67ad0862f3f163a4313) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit fa4171ce58fe7be54eb404d2e0d06edafb698954) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Conflicts:
opac/opac-user.pl
Magnus Enger [Wed, 31 Aug 2016 08:47:43 +0000 (10:47 +0200)]
Bug 17228 - Make two versions of SIPconfig.xml identical
Several bugs have made changes to etc/SIPconfig.xml but not
updated debian/templates/SIPconfig.xml. This means that an admin
using the Debian packages who enables SIP2 for a site and looks at
/etc/koha/sites/<instance>/SIPconfig.xml will not see an up-to-date
version of that file, with the risk of missing possible config
opportunities.
Since debian/templates/SIPconfig.xml contains no placeholders or
other magic stuff related to the Debian packaging, this patch simply
copies etc/SIPconfig.xml to debian/templates/SIPconfig.xml
To test: diff etc/SIPconfig.xml debian/templates/SIPconfig.xml
There should be no difference between the files
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d0d8bd18225483c3c28ba9e0bd368301c6835a66) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 35133dabed2d8f929617ed002bdf9d88eb295300) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Holger Meißner [Thu, 11 Aug 2016 09:22:00 +0000 (11:22 +0200)]
Bug 14434: Display "Not renewable (on hold)" in OPAC
This patch makes the OPAC display "Not renewable (on hold)" when
a hold is placed.
Test plan:
1) Do not apply patch.
2) Issue an item with automatic renewal.
3) Issue an item with manual renewal.
4) Place a hold on both items.
5) Log in as patron and note that the column "Renew" says "Automatic
renewal (x of y renewals remaining)" for the auto renewed item
and "(On hold) for the other item.
6) Apply patch.
7) Refresh OPAC and note that now "Not renewable (on hold)" is displayed
for both items.
8) Cancel the holds, then log in as patron again and confirm that the
correct renewal conditions are displayed.
Sponsored-by: Hochschule für Gesundheit (hsg), Germany Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 77b03f1e8b2afe0e9063b06785a0eb468fb029ed) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 930b32bc479628b9d8cb57ec73a5f1d22a4207e1) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Fri, 19 Aug 2016 11:43:24 +0000 (12:43 +0100)]
Bug 16990: Display branch names instead of code in patron mod requests
To test:
- change your homebranch in the OPAC, submit
- change patron modification request in the staff client
- Verify that it shows the old and new branch name instead of the
code
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 3f585d44e8f5f04b47a9f949dc6dcd8a1b3cbf7a) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 1147fe4c0faef00006bd6d1d2caf66c308001e99) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Mon, 15 Aug 2016 14:45:38 +0000 (15:45 +0100)]
Bug 17128: Make summary-print.pl plack safe
$borrowernumber is used in build_issue_data but not correctly defined
(Variable "$borrowernumber" is not available)
That may cause wrong charge displayed in the summary slip.
Test plan:
- Set rental charge for an item type
- Define a rental discount for that item type in the circ rules
- check in an item matching this rule
Without this patch the charge displayed in the summary slip won't be
calculated with the discount
With this patch applied, the warning in the logs will no longer appear
and the values will be correctly calculated.
Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2cf1e97e5cb6531f0d1d504dda35a836d86466c2) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit ade3ffb5ac38f675ea96a9119ff14ca15d48f9dc) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Sat, 9 Jul 2016 12:13:35 +0000 (13:13 +0100)]
Bug 16886: Make the 'Upload patron images' tool plack safe
Some vars are accessed from subroutine, but defined with my.
It causes at least the 2 followings errors:
Variable "$filetype" is not available at
/home/koha/src/tools/picture-upload.pl line 240.
Variable "$uploadfilename" is not available at
/home/koha/src/tools/picture-upload.pl line 241.
To avoid that, they are now declared with our.
Test plan:
Upload image for a patron and confirm that you get a "Result" table and
the errors do not longer appear in the logs.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 762415a2ff18e5a1b783f8eff2275e7d47216343) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 4cf4751c08edb6830714cc6dd3408ccb089756cd) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Owen Leonard [Thu, 25 Aug 2016 18:06:11 +0000 (14:06 -0400)]
Bug 17200 - Badly formatted "hold for" patron name on catalog detail page
This patch adds a space between first name and surname on the
bibliographic detail page when there is "hold for" information in the
status column of the holdings table.
To test, apply the patch locate a title in the staff client catalog
which has one or more confirmed holds on it. Verify that the patron's
name in the "status" column of the holdings table looks correct, with a
space between first and last name.
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f17b491f357267aa037480593158b13c426051ab) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit c364afd2aa9da8455853c7481c620e0cbef599c3) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Owen Leonard [Thu, 18 Aug 2016 15:58:42 +0000 (11:58 -0400)]
Bug 11019 - Require some fields when adding authorized value category
This patch modifies the form for adding an authorized value so that
the category is a required fields.
Previously a new authorized value category could be saved with no data.
To test, apply the patch and go to Administration -> Authorized values.
- Click the "New category" button.
- Click the save button without filling in the category.
You should be prevented from submitting the form.
- Verify that filling in the required field allows the form to be
submitted.
- Perform the same test when editing an existing authorized value.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Follow-up for QA: Allow a blank authorised value to be created.
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Amended test plan.
Owen Leonard [Fri, 19 Aug 2016 14:08:38 +0000 (10:08 -0400)]
Bug 13921 - XSLT Literary Formats Not Showing
This patch adds some missing literary formats to the staff client and
OPAC's search results XSLT display.
To test you must have DisplayOPACiconsXSLT and DisplayIconsXSLT system
preferences enabled. XSLTResultsDisplay and OPACXSLTResultsDisplay
should be set to 'default.'
Perform searches in the staff client and the OPAC and confirm that the
following literary forms (defined in 008 position 33) display correctly:
Not fiction; Fiction; Dramas; Essays; Novels; Humor, satires, etc.;
Letters; Short stories; Mixed forms; Poetry; Speeches.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8850540deafc471b9b356e35ae67780a51829271) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit bb166e9b1af08e3834c4adb1f2e6175cf6003d5d) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Mon, 22 Aug 2016 12:48:59 +0000 (13:48 +0100)]
Bug 17157: Same for "More"
Here I decided to redirect to the mainpage.
Works as dexcribed. Signed-off-by: Marc Véron <veron@veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit bfc72c91849b75a7ab4349f5d6a6798f3c6d0814) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 659bdfa5ab03dcc3b4fad72b98962aae76b9abf6) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Kyle M Hall [Fri, 24 Jun 2016 15:18:04 +0000 (15:18 +0000)]
Bug 11144 [QA Followup] - Let each script run in sequence even if one fails
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested the A;B;C variant here. If A fails, B will run. Since we can safely
assume that A (or B) will not fail on a daily basis, this seems to be better
than running them in the wrong order every day.
As the comments on Bugzilla show, several people support this improved
(reordered) scheme and look forward to improved error handling on another
report (obviously not that simple).
Katrin Fischer [Tue, 9 Jun 2015 21:13:15 +0000 (23:13 +0200)]
Bug 11144: Fix sequence of cronjobs: automatic renewal - fines - overdue notices
The patch changes the sequence of cronjobs in the crontab example
file and in the cron.daily file of the packages.
This is why:
1) Renew automatically
... only when we can't renew, we want to
2) Calculate fines
... once the fine are calculated and charged
we can print the amount into the
3) Overdue notices
Before the change it could happen that you'd charge for an item,
that would then be renewed. Or that you'd try to print fine
amounts into the overdue notices, when they would only be
charged moments later.
To test:
- configure your system so you have items that should
- be charged with fines
- renew automatically
- configure your crontabs according to the example file
or switch the cron.daily in your package installation with
the new one
- configure your overdue notices so that one should be generated
<<items.fine>>
- Wait for the cronjobs or schedule them to run earlier
- Verify all is well and as it should be
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 596ddef3c33f675f9daad675512fb119f80a23fa) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 110dded2d1949851dc3e4314176cbf4c277f4711) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Marcel de Rooy [Tue, 23 Aug 2016 14:33:10 +0000 (16:33 +0200)]
Bug 14390: [Follow-up] Only update FU record in UpdateFine
Exclude O, F and M when outstanding == 0.
Check if the issue_id points to a FU record.
Note: We only warn now when we see a second FU record with this issue id.
That should be a rare exception. As before, we are just counting it in
our total. Added a FIXME.
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested fine on overdue. Renewed and backdated for a second fine. The F
and FU can be seen on the Fines tab and are totaled on Check out.
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fa48df281d68fe1d27cc6fb10b41e4504a70afb9) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 0894b24c3d6e7d915871bd56a22ff9a10741b7b9) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Conflicts:
C4/Overdues.pm
Kyle M Hall [Tue, 1 Dec 2015 17:59:25 +0000 (17:59 +0000)]
Bug 14390 [QA Followup] - Fix warning
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 59d2cd97573c2caa9142bdfdc2be328f9e865429) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit a8e3c4a1a963fb16725eb9291d5ba8552662bb3c) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Kyle M Hall [Tue, 1 Dec 2015 16:53:03 +0000 (16:53 +0000)]
Bug 14390 [QA Followup] - Unit Test
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 57e5c70ed4004fe501840db97cc4ffdd47687247) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 86830cf26309566350d06bff2bc52793a4e02fa6) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Kyle M Hall [Fri, 6 Nov 2015 18:20:56 +0000 (13:20 -0500)]
Bug 14390 - Fine not updated from 'FU' to 'F' on renewal
Test Plan:
1) Find an overdue checkout with a fine
2) Renew item, note fine is not closed out (Account type F)
3) Apply this patch
4) Find another overdue checkout with a fine
5) Renew item, note fine is now correctly closed out
6) Backdate a checkout to be already overdue ( but not have a fine since
fines.pl hasn't run yet )
7) Renew item, note a closed out fine is created
Signed-off-by: Sean Minkel <sminkel@rcplib.org> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fe71eb0811a6271fff568ca6b599514a57ff3206) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 895bdb8b40a30a76dcccdfe5ed116e84f89ef227) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Wed, 25 May 2016 16:05:58 +0000 (17:05 +0100)]
Bug 16587: Same fixes for the staff interface
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 120967a6a9e777d0f99300fdbb6552943ce6e9af) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Chris Cormack [Wed, 25 May 2016 14:06:28 +0000 (14:06 +0000)]
Bug 16587 opac-sendshelf.pl is vulnerable to XSS
To test
1/ Hit a url like
http://localhost:8080/cgi-bin/koha/opac-sendshelf.pl?email=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&shelfid=4
2/ Notice you get a js alert
3/ Apply patch
4/ Notice the js is now escaped
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 4e817ee04c2b5fbc2353ff382c6630322e57d8ae) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Chris Cormack [Wed, 25 May 2016 14:01:41 +0000 (14:01 +0000)]
Bug 16587 - opac-sendbasket.pl is open to XSS
To test
1/ Hit a url like
http://localhost:8080/cgi-bin/koha/opac-sendbasket.pl?email_add=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3Ezz%40zz&comment=tes&bib_list=3
Where bib_list is a valid basket number
2/ Notice you get a javascript alert showing
3/ Apply patch
4/ Notice the text is now escaped
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 05a014b7668e0c4fa662821f7774ac733fd0cc7f) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 15930 modified default value for DataTables patron search.
The doc text should also be modified :
"Can be 'contain' or 'start_with' (default value). Used for the
searchmember parameter."
Test plan :
- install Koha with patch
- look at man page man/man3/C4::Utils::DataTables::Members.3pm
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 29b4ee5c74949d9706387b1d02b858cd697a57d6) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 030487d9e341a16b7220d4c45e8f8e3677844906) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Mon, 15 Aug 2016 14:11:19 +0000 (15:11 +0100)]
Bug 17100: Restore previous logic
There is no need to change the previous logic here, so let's restore it.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f8230d5d0a6f20f0e054744221d5ad4b1ca467e3) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 06e37a47df894b42accbd1b98c734515ff3b3e12) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Marc Véron [Wed, 10 Aug 2016 09:42:28 +0000 (11:42 +0200)]
Bug 17100: Do not display payments if patron has nothing to pay
This alternative patch moves logic and formatting to the template file.
To test:
* without patch
1/ find a patron with no lines in accountlines table : print summary shows no "account fines and payments" => OK
2/ find a patron with some lines in accountlines table and the total amount > 0 : print summary shows a table "account fines and payments" with fines to recover => OK
3/ find a patron with some lines in accountlines table but the total amount = 0 : print summary shows a table "account fines and payments" with nothing in it => NOK
* with the patch, same cases as before :
1/ same as without patch
2/ same as without patch
3/ print summary does not show "account fines and payments"
- Additionally, verify that formatting follows syspref 'CurrencyFormat'
- Verify that amount column is right-aligned
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 492a64cef95c6afb1644cbb4f1be181c2442cbd8) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 7602198e60e0a43c1d35164db2c49d26412bfc08) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 17001: fix due date filter on the overdue report
When the TimeFormat system preference is set to "12 hour",
setting a filter on the due date can result in:
- no overdue loans being reported, even if there are some
that meet the criteria
OR
- overdue loans being omitted from the report if they
are due on the "until" date in the filter
This patch fixes this by replacing output_pref() with
DateTime::Format::MySQL to format the date filter values
to pass to the SQL query.
To test
-------
[1] Run the overdue report (circ/overdue.pl) and set a filter
on due date, using values that should bring up one or
more overdue loans.
[2] Note that zero overdue loans are returned (if using MySQL
5.5, 5.6, or 5.7 or MariaDB 5) or that loans due on the
"until" date are omitted (if using MarioDB 10).
[3] Apply the patch and repeat step 1. This time, the correct
set of overdue loans should be reported.
Signed-off-by: Galen Charlton <gmcharlt@gmail.com> Signed-off-by: Jason Robb <jrobb@sekls.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 761001add1a95d147a23b74e8d817890ffc08ac5) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 2ce7bf6ed5c6d74e3635666f93ef9e1f90d091c0) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Fridolin Somers [Thu, 11 Aug 2016 08:58:40 +0000 (10:58 +0200)]
Bug 17107 - Add ident and Identifier-standard to known indexes
Add ident and Identifier-standard to known indexes in C4::Search::getIndexes().
Those indexes can be very useful, for example for IdRef feature.
Test plan :
- Make sure some records have a field indexed with Identifier-standard, ISBN=1234 for example
- Perform a search /cgi-bin/koha/opac-search.pl?idx=ident,phr&q=1234
=> you find the record
- Perform a search /cgi-bin/koha/opac-search.pl?q=ident:1234
=> Without patch : you get no results
=> With patch : you find the record
Idem for 'Identifier-standard'
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4884f3a00a99c959059b7d12544c271a1e1ab616) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 7547ffcc96a43fb4228896a431344155c72bc910) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Mon, 1 Aug 2016 12:46:49 +0000 (13:46 +0100)]
Bug 17009: Speed up the framework duplication
To duplicate frameworks, the code retrieve all the subfields, then
execute 1 insert per subfield.
It's unnecessary slow, we can use the DBMS to do it.
Test plan:
Create a new framework and duplicate the structure of another framework.
Signed-off-by: Marc <veron@veron.ch> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 739eaa82e8b52a1ef83e995badc7ddfa3a32e3fc) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 6551bebd939aefb3a4e6c59d3bee83c311cd842d) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jacek Ablewicz [Fri, 12 Aug 2016 14:19:52 +0000 (16:19 +0200)]
Bug 17117: Patron personal details not displayed unless branch update request is enabled
In patron acount ("your personal details" tab, which serves as a form
for submitting update requests as well) it's not possible to display
some account details like expiration date etc., without enabling
the field for branch / library update requests too.
To reproduce:
1) set OPACPatronDetails to "Allow"
2) clear PatronSelfModificationBorrowerUnwantedField preference
- all possible fields in the update requests form are visible
in patron account, including some extra details (card number,
expiration date, category) in the "Library" section on top
3) put 'branchcode' in PatronSelfModificationBorrowerUnwantedField preference
4) the whole 'Library' section disappears
To test:
1) apply patch
2) put 'branchcode' in PatronSelfModificationBorrowerUnwantedField,
'Library' section should remain visible (sans branch selection option)
3) put 'branchcode|cardnumber|datexpiry|categorycode' in the same
preference, 'Library' section should now disappear
Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fb449aaede3f23ee71e9e50286a26035bb3ef640) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 700c602634390f34a3fac86c158d95b30bc03963) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Tue, 2 Aug 2016 08:43:01 +0000 (09:43 +0100)]
Bug 16955: Do not clear from cache when adding a new framework
There are several issues with these lines:
1/ $cache is not defined correctly and it not visible inside
duplicate_framework
2/ $frameworkcode is a wrong c/p, it should be $newframeworkcode
3/ these calls are not needed. As we are creating a new framework, the cache
should be empty...
This patch will simply remove these calls
Test plan:
Duplicate a framework and confirm that you do not get any error in your
logs.
Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 84812129c979557cd2232c3a8b5b0f01c368a634) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit c05e2c13552ec9236de8ba8052864d91134516a3) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Wed, 3 Aug 2016 15:28:24 +0000 (16:28 +0100)]
Bug 16996: Do not explode if mandatory fields are missing
At the OPAC, if a patron modify his/her information and at least 1
mandatory field is missing, Koha will crash with
Template process failed: undef error - Can't call method "description"
It is raised by Koha::Template::Plugin::Categories::GetName called with
an undefined categorycode.
The problem is that the values sent originaly are not sent back to the
template if the user missed something.
This patch makes that all info are resent to the template in order to
show the same form to the user.
Test plan:
0. Apply patch
1. Make sure that the categorycode is not hidden in the OPAC in:
PatronSelfRegistrationBorrowerUnwantedField or PatronSelfModificationBorrowerUnwantedField
2. Add a required field in PatronSelfRegistrationBorrowerMandatoryField, for example email.
3. Go to Your Personal Details in the OPAC (opac-memberentry.pl) and leave blank the required field of point 2
4. Press "Submit update request"
There should be no software error.
NOTE: The warns will be floody on the logs.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Marc <veron@veron.ch> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8c5cb134ee75aad77a9ba9b9fd84005fc0a9feb3) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 803ad5b022e0c469d27336bdcdfb4966f3f01960) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 14844: Corrupted storable string. When adding/editing an Item, cookie LastCreatedItem might be corrupted.
No idea how to replicate this issue but we have been getting several reports
about the following error:
Software error:
Corrupted storable string (binary v2.9) at /usr/lib/perl/5.18/Storable.pm line
417, at /home/koha/kohaclone/cataloguing/additem.pl line 375.
TEST PLAN:
1. Add or modify an Item.
2. No observed changes.
?. We don't know what causes this but we know that add/modify Item occasionally
crashes due to failure of a cookie thawing.
This patch prevents the whole program from dying, because this error is not
critical enough to warrant dying.
Also there is no centralized mechanism in Koha for showing messages to the
user, so there is no easy and convenient way to warn the user that the:
'LastCreatedItem'-cookie or the systempreference 'PrefillItem' is
malfunctioning.
So we instead just warn to the server logs with the malfunctioning cookie in
hopes of nailing down what causes the issues.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 9237fe676336f5908a9acc26a3b70b70d25602ae) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit d9def60267c1eb8aaacf4958de3bbddbace27621) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 17103 - Google API Loader jsapi called over http
This patch replaces the hardcoded protocol ("http") from the URI with
https since that is what Google defacto uses to serve JS resources
Prevents MIXED CONTENT failure, allowing GoogleIndicTransliteration
to function correctly when used in SSLized OPACs.
Test plan
---------
1/ Make sure your OPAC is being served both over HTTP and HTTPS
2/ Set GoogleIndicTransliteration syspref to "Show"
3/ Access the OPAC over http, Google transliteration element will
show up in masthead searchbox.
4/ Access the OPAC over https. The element will not show. Console
will show MIXED CONTENT error and failure of google loader.
5/ Apply patch. Repeat steps #3 and #4 again. Now in both cases
GoogleIndicTransliteration will work.
Signed-off-by: Mark Tompsett <mtompset@hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6fcd32a75c41c7815a883cc4952899ea24045b3c) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 3a5e20809c191ed5773e70f09c0096d14cade6c9) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Bug 16974: Make koha-plack should check and fix log files permissions
This patch adds a function to the koha-plack script so it checks for log file
existence and its permissions. This function is called from the start_plack function.
If some of this conditions are not fulfilled, it solves the situation by either
touching and/or changing the permissions accordingly for the instances' plack log files.
To test:
- Run (on kohadevbox):
$ cd kohaclone
$ debian/scripts/koha-plack --start kohadev
$ debian/scripts/koha-plack --stop kohadev
$ ls /var/log/koha/kohadev/plack*
- Verify ownership of the created files (they might belong to the root user)
- Apply the patch
- Run:
$ chown root:root /var/log/koha/kohadev/plack*
$ debian/scripts/koha-plack --start kohadev
$ ls /var/log/koha/kohadev/plack*
=> SUCCESS: Files belong to kohadev-koha:kohadev-koha
- Run:
$ debian/scripts/koha-plack --stop kohadev
$ rm /var/log/koha/kohadev/plack*
$ debian/scripts/koha-plack --start kohadev
$ ls /var/log/koha/kohadev/plack*
=> SUCCESS: Files are created and belong to kohadev-koha:kohadev-koha
- Sign off :-D
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 007d2feee6b2fec92f2d6518a3e84de0f6476b3d) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit ba5ac05a140f62c6bb8383049bcfeba5c96a7de5) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Mark Tompsett [Wed, 3 Aug 2016 03:26:03 +0000 (23:26 -0400)]
Bug 16885: koha-stop-zebra should be more sure of stopping zebrasrv
This patch follows Galen's suggestion in comment #7.
TEST PLAN
---------
1) Back up your koha logs as desired.
2) add something to /var/log/koha/{instance name}/intranet-error.log
3) ps aux | grep zebra
4) logrotate -f /etc/logrotate.d/koha-common
5) ps aux | grep zebra
-- the zebrasrv and daemon process for zebra indexing
didn't restart.
6) apply this patch against /usr/sbin/koha-stop-zebra
7) sudo koha-start-zebra {instance name}
8) ps aux | grep zebra
-- the processes should have started up again.
9) add different junk to /var/log/koha/{instance name}/intranet-error.log
10) ps aux | grep zebra
11) logrotate -f /etc/logrotate.d/koha-common
12) ps aux | grep zebra
-- the process ids for the zebrasrv and daemon processes should
be different, but the number of processes is the same as before.
13) sign off, because its less ugly than comment #3
Sponsored-by: Tulong Aklatan Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Works as expected, no regressions found.
Bug 16944: Add "email" and "url" classes when edit or create a vendor
When edit or create a new vendor the two fields "email" and "website" don't test
if the data provided is right. When you add a direction like
"koha-community.org" without the protocol "https" the program redirect to an
404 error.
To reproduce the issue:
1-Go to Acquisition and create a new Vendor
2-Fill the field Website with koha-community.org
3-Use an email without at sing (@)
4-Notice that there is no error
5-Save
6-Go to the vendor created (/cgi-bin/koha/acqui/supplier.pl?booksellerid=1)
7-Click in Website: koha-community.org -> redirect to an 404 error
8-Notice the bad mailto:
To test:
-Apply patch
-Reproduce step 1 to 8 with the same vendor or create a new one
-Enter multiple wrong and valid urls
-Enter urls with and without protocols http, https, ftp
-Enter wrong and valid emails
NOTE: The classes used are taken from 'branches.tt' Signed-off-by: Liz Rea <liz@catalyst.net.nz>
no longer allows entering of improper website urls or incomplete email addresses.
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 71d20a8c3b48a4dd1c7fb569b3baf2352d9757ac) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 3b4564001d571304490fe81dbd92e656fc9ad53e) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Thu, 4 Aug 2016 16:19:37 +0000 (17:19 +0100)]
Bug 17052: Display patron category description in the sidebar of paycollect
The patron category description is not passed to the template in
paycollect.pl
Note: The Categories TT plugin should be used here...
Test plan:
Go on paycollect.pl and confirm that the patron category description is
now displayed in the sidebar.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Brendon Ford <brendon.ford@manhattan.edu> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c3badb0c570beada485cc71ea6b494da1d59f1b0) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 527cd879bb832feb1a73afb85ffb948bb4c0ee64) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Kyle M Hall [Fri, 5 Aug 2016 13:56:52 +0000 (13:56 +0000)]
Bug 17055 - Add classes to different note types to allow for styling on checkins page
Returned items may have 3 kinds of notes, patron, item public, and item
non-public. However, the html markup for them does not allow us to
distinguish which type we are seeing. It would be good to add classes
for each of these note types.
Test Plan:
1) Check out an item to a patron
2) Add a patron note, a public item note, and a non-public item note
to the patron and item you used
3) Check in the item and instead the html, note the each note span
now has a class to distinguish which type of note is being displayed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit dbfda36767c113b8e515e8d2bfedd435ed7bd133) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit a86c2250100b898d0c537497c5b6ad20eb969d28) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Marc [Mon, 8 Aug 2016 12:04:44 +0000 (14:04 +0200)]
Bug 17078 - Format fines on opac-account.pl
To verify:
- Log in to OPAC as a user who has fines or credits
- Go to page "your fines"
- Verify that values for "Fine amount", "Amount outstanding"
and "Total due" are not formatted as defined in syspref CurrencyFormat
(e.g. for FR)
To test:
- Apply patch
- Repeat steps above
- Verify that values are formatted as appropriate with different
settings for syspref CurrencyFormat
Note: This patch does not force text alignment to the right.
Text alignement can be done using syspref OPACUserCSS
(td.sum, td.credit, td.debit)
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d76737ba7d41bc261b59a2ea2cf4c591a62a0bc4) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit f13a576bf5b1b10d2ea54b89eac44cc95270b386) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Marc [Mon, 8 Aug 2016 09:33:50 +0000 (11:33 +0200)]
Bug 17076 - Format fines in patron search results table
Format the values in patron search results following syspref CurrencyFormat.
To verify:
- Search for patrons who have fines or credits
- In result table, column 'Fines' does not respect syspref CurrencyFormat
(e.g. for FR)
To test:
- Apply patch
- Repeat steps above, verify that fines display as appropriate
- Change syspref Currencyformat, verify display
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6359922847aa9437bccc1d28fd429d5432517e9a) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 1adcd737574fcbde4a86c5b3b72718c5e5ba21da) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Chris Cormack [Sun, 24 Jul 2016 07:18:51 +0000 (19:18 +1200)]
Bug 16969 cgi->param used in list context in opac-memberentry.pl
To test
1/ Hit the page, notice the warning in the log
2/ Apply patch
3/ Hit page, notice no warning in the log
4/ Test functionality all still works
Works as expected. (Note: See Bug 16960 for updating patron details). Signed-off-by: Marc <veron@veron.ch> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0ef3b19dbd414539dbc8c45ecc595e399df31781) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 2dc212beef4f4baa56e2c2cac00cdf038989f884) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Wed, 3 Aug 2016 15:41:48 +0000 (16:41 +0100)]
Bug 16894: Regression - Display email on patron search results
Bug 10318 added the email to the patron search results but it has been
removed later.
This patch reintroduced it where it was (no new column).
Test plan:
Search for patrons and confirm that the emails are displayed.
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 034f939a44287ae7078d95c15b55368aa98b4216) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 68a4549aa9fd36904c8b7fb321d14ac1946bc485) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
phette23 [Thu, 23 Jun 2016 23:06:59 +0000 (16:06 -0700)]
Bug 16806: no error message for 'too_soon' renewal
To test:
- for a particular item type & patron category, configure a non-zero
"no renewal before" date so items can't be immediately renewed
- sign in as a patron in aforementioned patron category
- check out an item of aforementioned item type
- go to your renewals page in OPAC /cgi-bin/koha/opac-user.pl
- an error messages appears in the div.alert.dialog up top
Sponsored-by: California College of the Arts Signed-off-by: Brendon Ford <brendon.ford@manhattan.edu> Signed-off-by: Irma Birchall <irma@calyx.net.au> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit aa2f56fa1a76d98ab9543a100810c354c4d23554) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 8ff5f08edd0dc434e56d35cb4956df6027f0eed6) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Mon, 25 Jul 2016 15:37:03 +0000 (16:37 +0100)]
Bug 16776: Do not forget external language choice in language switcher
If language is set by external link language switcher does not work
To reproduce:
- Have a multilingual koha installation, let's say en, de-CH, fr-FR and it-IT
- Create external links e.g. from your multilingual library website to each language variant of OPAC:
Each link opens fine displaying the language as appropriate.
Now try to switch language on the page you just opened via the external link.
It won't work, it will always stay on the language defined by the external link.
To test:
- Apply patch
- Repeat steps above
- Verify that the language switcher works
- Verify in browser address field that after switching language, the param 'language= 'has vanished from url string
- Try links with multiple params and with params containing 'language', e.g.
...cgi-bin/koha/opac-search.pl?language=fr-FR&q=language&mylanguage=test
- Verify that only the parameter 'language=' vanishes
Tested counter patch, works as well. Signed-off-by: Marc <veron@veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 62d16aa6b750aaade2267596c19292659333f8c8) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 55bdbc09e6a60d417cbc2d88bb90241fcac57aa2) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Mon, 4 Jul 2016 10:53:39 +0000 (11:53 +0100)]
Bug 16848: Prevent invalid warning to be carped from output_pref
From Koha::DateUtils::output_pref:
$dt = eval { dt_from_string( $str ) } if $str;
carp "Invalid date '$str' passed to output_pref\n" if $@;
This second line is wrong: if $str does not exist, the first line is not evaluated and $@ could be filled with previous error.
To reproduce:
Then:
prove t/DateUtils.t
will display:
t/DateUtils.t .. 20/60 Use of uninitialized value $str in concatenation (.) or string at Koha/DateUtils.pm line 217.
Invalid date '' passed to output_pref
at t/DateUtils.t line 233.
t/DateUtils.t .. ok
All tests successful.
Files=1, Tests=60, 2 wallclock secs ( 0.02 usr 0.00 sys + 1.40 cusr 0.00 csys = 1.42 CPU)
Result: PASS
Test plan:
Without this patch, you should not see the carp
Signed-off-by: Srdjan <srdjan@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c31213ba4fab0082c6ad556aae424918b62205d0) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit f81c6770054dab1cb4b4a1ccea1b28bd702b412b) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Katrin Fischer [Sun, 7 Aug 2016 23:15:23 +0000 (01:15 +0200)]
Bug 17074: Follow-up: fixing encoding issues with multiple search terms
If there was more than one search term you could see that that it
was url encoded. Also problems with search terms with umlauts and
other diacritics.
Patch should fix that.
https://bugs.koha-community.org/show_bug.cgi?id=17074 Signed-off-by: Marc <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 09d7a47f1fb1c645d0e3ffb93fb88409b3310363) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit a42da0108e3f8dee889ef28e0c0d736e23a9aacc) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Katrin Fischer [Sun, 7 Aug 2016 14:03:13 +0000 (16:03 +0200)]
Bug 17074: Fix links in result list of 'scan indexes' and keep search term visible
The 'scan indexes' search that can be reached from the
advanced search has 2 problems to begin with:
- The search term you searched for is not displayed
in the input field.
- The links in the result list are missing the index
and because of that, are not giving the correct results.
To test:
- Go to the advanced search, select an index to search in
- Enter a search term and check 'scan indexes'
- Submit search
- Check if the search term is visible in the input box
- Check if the result links contain your selected index
and give you correct results (count and the number of
results should match)
Tested both patches together, works as expected. Signed-off-by: Marc <veron@veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8d7e62b808522b1871d6b704e0ae5def3be886ee) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 2b62fbde3357b396d72cbce7d625b096c0467307) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
If you click the clear button to clear the search term it does take the search
term away. However, the next time you click on "Saved reports" the search term
is still there.
TO TEST:
1. Reports > Use saved
2. Filter on anything (date/author/keyword). Let say "foo" in keyword.
3. Click the Clear link on the Filter form. You can see that "foo" is removed
from keyword, and all the saved reports are displayed.
4. Click "Saved Reports" on the left. You can see that "foo" reappears in
keyword filter.
5. Apply the patch, and repeat steps 2-4.
Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit aa0e27ea08cf0d9a1ff46b061cc38d2b15fa66e7) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 86985bffc49977c97c6de98edc68ad3c3f917039) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Mirko Tietgen [Tue, 9 Aug 2016 12:55:43 +0000 (14:55 +0200)]
Bug 17087 - Set Test::WWW::Mechanize version to 1.42
This was set to a version that is not available in Wheezy or Jessie.
The version is not required, the only change to 1.42 (packaged for
Wheezy and Jessie) is a fix for Windows, see
http://cpansearch.perl.org/src/PETDANCE/Test-WWW-Mechanize-1.44/Changes
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 893f6cc2633744d4f539fd1b6b9f4b8837277d2d) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 4267b60311227453335d9c4f64cb9d5c0946ced7) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Mark Tompsett [Mon, 11 Apr 2016 03:18:26 +0000 (23:18 -0400)]
Bug 10148: Marc21 field 007 builder improper reload values
The more correct solution is fix that template file.
However, in the mean time, this works.
TEST PLAN
---------
1) find a record
2) edit record
3) click value builder for 007
4) change everything to pipes as much as possible.
(use Motion Picture to get all 00-22 values)
5) save
-- should save just fine.
6) click the value builder again
-- OOPS! Bad reload.
7) prove t/db_dependent/FrameworkPlugin.t
-- NOISY 007 messages.
8) apply patch
9) click the value builder again
-- good reload
10) prove t/db_dependent/FrameworkPlugin.t
-- No noise related to 007.
11) run koha qa test tools.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 22c851cc2fea3c3868f7643132392f0a34439c65) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit e3da772c3cd10ab999b7ee5708c6eab5dfb0599d) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Wed, 3 Aug 2016 12:57:43 +0000 (13:57 +0100)]
Bug 17038: Fix XSS in catalogue/search.pl
Test plan:
Search for something like:
\";alert(1)//135
=> Without this patch you will see the alert
=> With this patch, no more alert
Note that this fix the parameters idx, q and op
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b543fa74fe888b9e53cfc06ac58e2f7ac1689ae5) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 97f1d825cd4031e0c9077d9d8cf0f0c7f69d894c) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Jonathan Druart [Wed, 3 Aug 2016 07:49:10 +0000 (08:49 +0100)]
Bug 17036: Fix XSS in circulation.pl
Test plan:
Enter the following in the "Check out" tab:
"><script>alert('XSS')</script>
=> Without this patch you will see the alert
=> With this patch, no more alert
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 96a9c2715ee2e4388e105e86e221bc280e1d757f) Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 3bf66eb1a1af1f917ffbf3865762cac64bfdbaef) Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>