]> git.koha-community.org Git - koha.git/log
koha.git
14 months agoBug 33848: Don't remove coce container from template
Jonathan Druart [Wed, 31 May 2023 11:41:26 +0000 (13:41 +0200)]
Bug 33848: Don't remove coce container from template

It's removed from coce.js

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit aa8dc28e97d1971e191d5f7d08802257ae98f378)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 33755: Set profile_id and add missing import
Matt Blenkinsop [Mon, 31 Jul 2023 08:52:23 +0000 (08:52 +0000)]
Bug 33755: Set profile_id and add missing import

This patch adds a missed parameter (profile_id) in stage-marc-import.pl and also adds a missing import in the background job for staging marc files. This means that the profile used when importing can now be shown in the import batches table and also in batch details

Test plan:
1) Stage a record for import and make sure to save the import profile you use
2) Import a record using that profile
3) Navigate to Cataloging > Manage staged MARC records
4) In the Profile column, no value will be shown for the staged record
5) Click on the batch, the profile will be missing in this screen as well
6) Apply patch
7) Restart_all
8) Repeat steps 2-5, the profile name should be visible in both places

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Emmanuel Bétemps <e.betemps@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 38fc85ade940b732b3565400a0ff41c06a382497)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34354: Fix progess typo
Pedro Amorim [Mon, 24 Jul 2023 13:36:02 +0000 (13:36 +0000)]
Bug 34354: Fix progess typo

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2234ecb8c93d3ad2dc0a0f41d46db479c9a05d56)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34493: Fix indenting in search_indexes.inc
Fridolin Somers [Mon, 7 Aug 2023 23:11:14 +0000 (13:11 -1000)]
Bug 34493: Fix indenting in search_indexes.inc

Bug 32683 broke indenting in koha-tmpl/intranet-tmpl/prog/en/includes/search_indexes.inc
Not on purpose looks like.

Test plan :
1) Look at changes to validate indenting
2) Run prove xt/tt_valid.t

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fc2dc973f0beca5e30777a465aece074a29682ae)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34289: Add missing class to one condition of the checkin template
Owen Leonard [Mon, 17 Jul 2023 16:42:13 +0000 (16:42 +0000)]
Bug 34289: Add missing class to one condition of the checkin template

The markup of the checkin template varies depending on the conditions of
the operation, and in one case the barcode field was missing the
"barcode" class. This patch adds it.

To test, apply the patch and make sure the finesMode system preference
is enabled.

- Go to returns.pl (/cgi-bin/koha/circ/returns.pl)
- Expand the the options so you see 'Forgive overdue charges'.
- Check that box and check in an item
- After checkin, the barcode field should keep the same style it had
  before the transaction.
- Note: The yellow background of the input when the "Forgive" checkbox
  is checked is to be expected.

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 4ff90997001ba10c1c40242107dc0f8f4f9dccac)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34469: Block editing for received order lines
Katrin Fischer [Fri, 4 Aug 2023 15:13:36 +0000 (15:13 +0000)]
Bug 34469: Block editing for received order lines

When an already received order line is modified/edited,
we experience data loss. Most prominently, we will lose the
linked invoiceid. Therefore we should not allow editing an
order line that was already received. If something needs to be
changed, the receipt should be cancelled first.

To test:
* Create basket as standing order with items added in cataloguing
* Add an order line
* Receive shipment
* Go to the basket summary page, click on 'Modify'
* Change the actual cost
* Save
* Verify that the invoice is now empty
* In the database aqorders.invoiceid will be NULL
* Apply patch
* Receive another shipment for the standing order
* Go back to basket summary page
* Verify the 'Modify' link is no longer present
* Click 'Modify' on the unreceived order line
* Edit the URL parameter odernumber to have the number of an
  already received order line
* Verify you see a nice error message:
  This order cannot be edited, the basket is closed or the order was already received.

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Laura Escamilla <laura.escamilla@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit a4b7490633d2e8bc9ca9a0f60ebec1200ed0b07a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34108: Preserve checked orders after item editing
Nick Clemens [Thu, 3 Aug 2023 12:26:17 +0000 (12:26 +0000)]
Bug 34108: Preserve checked orders after item editing

The js that buils the new row after editing expects to receive a
value '_checked' indicating if theitem was selected. The 'item' variable
used to create the row after edit comes from the api and doesn't include this.

We need to inspect the previous html before building the new row to confirm the box wa checked

To test:
 1 - Create a basket with 'items created on receive'
 2 - Add an order line with multiple items to it
 3 - Close basket
 4 - Receive shipment
 5 - Add invoice information
 6 - Receive through receive link in the table
 7 - Check some items
 8 - Click on the "Edit" link and make some change to the item
 9 - Save
10 - Checkboxes have disappeared
11 - Cancel receipt
12 - Apply patch
13 - Reload the page
14 - Repeat 7-9
15 - Checkbox is preserved

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 27cf76b4845b966bf67e1f67a1cf144f4e187456)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34056: Add -api-client suffit to authorised-values API client
Jonathan Druart [Mon, 19 Jun 2023 08:15:20 +0000 (10:15 +0200)]
Bug 34056: Add -api-client suffit to authorised-values API client

In koha-tmpl/intranet-tmpl/prog/js/vue/fetch all files have the -api-client suffix but authorised-values. For consistency we should add it.

Test plan:
Go to the ERM module and confirm that dropdown lists are correctly
filled in with authorised values.
You can also inspect the console and confirm that a GET query to /authorised_value_categories is done

Sponsored-by: BULAC - http://www.bulac.fr/
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 813cfe1eec1f6090f715638a774fa755b5ff4788)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34365: Add cancellation request flow to DELETE /holds
Tomas Cohen Arazi [Mon, 24 Jul 2023 19:08:50 +0000 (16:08 -0300)]
Bug 34365: Add cancellation request flow to DELETE /holds

This patch adds a new `x-koha-override` header to allow enforcing the
cancellation request flow for waiting holds.

If the hold is not waiting, the header has no effect.

To test:
1. Apply the tests patch
2. Run:
   $ ktd --shell
  k$ prove t/db_dependent/api/v1/holds.t
=> FAIL: The endpoint doesn't implement the required logic
3. Apply this patch
4. Repeat 2
=> SUCCESS: Tests pass! The endpoint behavior is changed!
5. Sign off :-D

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit eb224540e223d71f1f494b94ce3442567a1c6664)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34365: Unit tests
Tomas Cohen Arazi [Mon, 24 Jul 2023 19:08:22 +0000 (16:08 -0300)]
Bug 34365: Unit tests

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2a8c43f975306081ec4f7a218346187bba08585c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34470: Initialize random seed after spawning a child worker process
Emily Lamancusa [Wed, 9 Aug 2023 16:29:35 +0000 (12:29 -0400)]
Bug 34470: Initialize random seed after spawning a child worker process

When background_jobs_worker.pl spawns a new child process, it needs to
explicitly reinitialize the random seed - otherwise each child process
will inherit the same random seed from the parent process, and any
randomization will produce identical results each time.

This patch adds a call to srand immediately after the fork to
reinitialize the seed. Note that child processes should not call
srand with no parameter anywhere else, as the Perl documentation
indicates that srand should not be called with no parameter more than
once per process.

To test:
1. Apply the logging patch only
2. Set system preferences:
    a. RealTimeHoldsQueue -> Enable
    b. RandomizeHoldsQueueWeight -> in random order
3. Watch the logs for the staff interface
   in ktd:
   ktd --shell
   koha-intra-err
4. Place a hold. Note that the logs display the branch list before and
   after it is randomized.
5. Place some more holds. Note that the branch order after randomization
   is identical each time.
6. Apply both patches and restart_all
7. Repeat steps 3-5.
   -> Note that the branch order before randomization hasn't changed
   -> Note that the branch order after randomization is now different
      each time.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit a3c64f62c0dca2acf7d7558281e006ef41286771)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34117: Add unit tests
Emily Lamancusa [Thu, 27 Jul 2023 14:33:38 +0000 (14:33 +0000)]
Bug 34117: Add unit tests

To test:
prove t/db_dependent/Koha/Patron/Categories.t

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 3ff1430bb4f1203a3d2d9ee8017633c73ff6a3de)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34117: Remove side effect from get_expiry_date
Emily Lamancusa [Thu, 20 Jul 2023 17:41:15 +0000 (13:41 -0400)]
Bug 34117: Remove side effect from get_expiry_date

If get_expiry_date is passed a DateTime object as a parameter,
it modifies and returns the original object. When memberentry.pl
prefills the input fields for duplicating a patron, it passes the
enrollment date object to get_expiry_date. This causes the enrollment
date object to be modified with the expiry date value.

This patch modifies get_expiry_date to clone the DateTime object that it
receives as a parameter and return the clone, so that references to an
enrollment date object can be passed in safely.

To test:
1. Have or make a patron
2. Duplicate that patron
3. Before saving the new patron, scroll down to Registration Date and
   see that it's defaulting to a date in the future.
4. Apply patch and restart_all
5. Try duplicating a patron again
6. Registration Date should correctly set to today

Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit bba9feff5ca9e1601a38408625cf7ba40b70645f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34155: Hide 'Next available' at OPAC when item-level hold is forced
Julian Maurice [Mon, 17 Jul 2023 09:10:07 +0000 (11:10 +0200)]
Bug 34155: Hide 'Next available' at OPAC when item-level hold is forced

This was a regression caused by bug 24860

Test plan:
1. Set up circulation rules so that OPAC users can place holds only on
   specific items ("OPAC item level holds" = "force")
2. Try to place a hold at OPAC. The "Next available item" option should
   not appear.
3. Set "OPAC item level holds" to "allow"
4. Try to place a hold at OPAC. The "Next available item" option should
   appear

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9b1bd01a428823e0ed99d7d265dec3606ea3e893)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34269: (QA follow-up) Add missing TT filters
Katrin Fischer [Fri, 14 Jul 2023 09:17:27 +0000 (09:17 +0000)]
Bug 34269: (QA follow-up) Add missing TT filters

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e211d8b34b8e3755ef254f9677d8c82dc27e0ae1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34269: Convert to using codes in select compares
Martin Renvoize [Thu, 13 Jul 2023 16:01:07 +0000 (17:01 +0100)]
Bug 34269: Convert to using codes in select compares

This patch updates the logic in smart rules to compare option values to
codes as apposed to option texts to value descriptions.

0. Apply patch
1. Install another language in the staff interface
   1. ./translate install xx-XX
   2. Check the box of the language in the 'language' system preference
   3. Refresh
2. Create an item type with a parent
   1. Go to Administration > Item types
   2. Create a new item type or modify an existing one, assigning a parent type
      Example: Create a 'Children's books' itemtypetype
      and assig 'Books' as its parent
   3. Create a third item type with the same description but something added in ():
      Example: 'Children's books (3-5)'
3. Create a circulation rule for the parent type
   Example: All/Books, with 2 checkouts allowed
4. Create a circulation rule for:
   All/All with 3 checkouts allowed
5. In English, click on "Edit" next to the parent type rule (All/Books)
   --> Note that the item type in the bottom row (the modifiable row) is changed to 'Books (All)'
6. Modify the number of checkouts allowed (e.g. 99)
   --> The All/Books rule is modified
7. Switch the interface to the other language
8. Click on "Edit" next to the parent type rule (All/Books)
   --> The All/Books rule is modified
9. Add rules for Children's books and Children's books (3-5)
10. Click on "Edit" next to each rule and change a value
   --> Verify that the changed values are always saved for the correct rule

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e0fdb2db51072e10a3f53b1efb9571728560bd64)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34452: Restore fund label and 'Update adjustments' button
Katrin Fischer [Fri, 4 Aug 2023 14:29:11 +0000 (14:29 +0000)]
Bug 34452: Restore fund label and 'Update adjustments' button

This patch fixed 2 small and recent regressions:

* The "Update adjustments" button used to always display. It's
  required to save a new first adjustment, but also to save
  changes to existing adjustments edited inline. It now would
  only display after "Add adjustments" was clicked. We retore
  to display it always. (bug 32746)

* We have several "Fund" pull downs on this page, but they are
  for different things and require different labelling.
  "Fund" was changed to "Shipping fund" which matches at the top,
  but doesn't work for the adjustments table and single adjustment
  form. Now we use "Shipping fund" "Fund" and no label in the table
  as the table header covers it there. (bug 33721)

To test.
  * Add a vendor
  * Receive shipment
  * Add invoice and save
  * Click on "Finish receiving"
  * Verify the button "Update adjustments" appears after clicking
    "Add new adjustment"
  * Verify the button is gone after you clicked it and the table shows
  * Change something in the table - no button to save change :(
  * Apply patch
  * Repeat steps, button "Update adjustments" should not always be
    visible.

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 72ef65edbe3413027fb877e37929e98cf7fd26fe)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 30451: DBRev 23.05.02.002
Fridolin Somers [Thu, 17 Aug 2023 18:47:34 +0000 (08:47 -1000)]
Bug 30451: DBRev 23.05.02.002

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 30451: Update FK constraint on aqorders.subscriptionid
Katrin Fischer [Fri, 21 Jul 2023 14:39:07 +0000 (14:39 +0000)]
Bug 30451: Update FK constraint on aqorders.subscriptionid

This updates the FK constrant from ON DELETE CASCADE to ON DELETE
SET NULL. This means that if a subscription linked to an order is
deleted, we no longer will also delete the order, but we will just
set subscrptinid in the order to NULL. This will avoid data loss
that can cause the budgets/funds not to add up anymore with the
real espenses of the library.

To test:

Preparation:
* Create 2 subscriptions on different records
* Create a new basket
* Use the "order from subscription" functionality to create order
  lines for both of your subscriptions
* Close basket

Without patch:
* Delete the first subscription
* Verify the order line for this subscription is gone from your basket

Apply patch:
* Run database update and restart_all
* Delete the second subscription
* Verify the order line now remained in the basket

Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
JD amended patch: perl tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 765d3d85b5b2b2e0711550b5b244d71967a2ee0c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34059: Add only issues from the branch that is creating the notice
Pedro Amorim [Mon, 19 Jun 2023 14:24:30 +0000 (14:24 +0000)]
Bug 34059: Add only issues from the branch that is creating the notice

Test plan, on k-t-d
1) Go to 'my account' on top right user menu
2) On 'Patron messaging preferences', click 'Edit'
3) On the 'Item due' row, check the 'Email' and 'Digests only' checkboxes and save
4) On the top search bar, press 'Check out' and enter '42' (koha user cardnumber)
5) On the checkout input bar, enter 39999000001372 and press checkout
7) Go to 'Set library' on top right user menu and pick a different library
8) Repeat step 4), then, on the checkout input, enter 39999000004571 and press checkout
9) Verify that this user now has 2 items checked out, from 2 different libraries at /cgi-bin/koha/circ/circulation.pl?borrowernumber=51
9) Run the following 2 queries to force the due_date to be equal to 'today's' date for both issues:
NOTE: change the YYYY-MM-DD below to whatever day it is you're running this test plan

UPDATE issues SET date_due = '2023-06-19 23:59:00' where issue_id = 1;
UPDATE issues SET date_due = '2023-06-19 23:59:00' where issue_id = 2;

10) Run the cronjob:
./koha/misc/cronjobs/advance_notices.pl -c --digest-per-branch

11) Verify that two DUEDGEST notices were created, one per each library, but both notices contain both issues:
SELECT letter_code, time_queued, content FROM message_queue ORDER BY message_id DESC LIMIT 2;

12) Apply patch, then do 10) and 11) again
13) Verify that each notice only contains the issue for its respective library

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Stephen Graham <s.graham4@herts.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 39e6b100cb977f072e6f23a13625e986a31aab97)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
14 months agoBug 34387: (QA follow-up) Fix display of 'Import batches'
Katrin Fischer [Sat, 29 Jul 2023 21:14:39 +0000 (21:14 +0000)]
Bug 34387: (QA follow-up) Fix display of 'Import batches'

Fixes the heading and sidebar display of the 'Import batches'
section.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
14 months agoBug 34387: (follow-up) Minor spelling and quoting fixes
Martin Renvoize [Wed, 26 Jul 2023 06:15:56 +0000 (07:15 +0100)]
Bug 34387: (follow-up) Minor spelling and quoting fixes

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
14 months agoBug 34387: Improve API docs naming consistency
Tomas Cohen Arazi [Tue, 25 Jul 2023 18:57:58 +0000 (15:57 -0300)]
Bug 34387: Improve API docs naming consistency

This patch aims to make our API docs be more consistent.
It addresses two particular things:

* There's no consistency on the `tags` used across the spec, and not all
  of them are correctly described and have an `x-displayName` entry.
  More on this later.
* This are not sorted either by some for of grouping, or at least
  alphabetically.

For the former, I did my best trying to harmonize (specially on the ERM
front) with what we do in the rest of the use cases.

For the latter, I opted for sorting everything alphabetically, as a
first step. Hoping someone else could work on grouping things.

To test (ON YOUR HOST MACHINE):
1. On current master run:
   $ cd api/v1/swagger
   $ docker run --rm -v $(pwd):/api --workdir /api redocly/cli \
           build-docs swagger.yaml --output index.html
=> SUCCESS: It doesn't break or anything
2. Open your browser, open the generated api/v1/swagger/index.html file
=> FAIL: The left column has
         * several lower case entries
         * not everything is correctly grouped (ERM? packages?)
         * Things are not sorted. There's an attempt but looks messy
3. Apply this patch
4. Repeat 1 and 2
=> SUCCESS: Things look much better!
5. Sign off :-D

CAVEAT1: I'm not sure why, but import_batches doesn't work. Ideas are
welcome, I'll keep looking for fixes.
CAVEAT2: I don't have enough eHoldings background to weight in, but I
feel like 'ERM eHoldings packages' could just be 'ERM packages'.
Follw-up patches with better ideas are welcome.
CAVEAT3: Patron credits, debits, balance... They could all go in to
'Patrons accounts' or similar. Open to ideas.
CAVEAT4: Old redocly didn't support mapping an endpoint to more than one
target section. Something to explore if we want (for example) to reach
'credits' through the 'Patrons' section but also from 'Accounting'.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
15 months agoBug 33964: (QA follow-up) Remove library from cpanfile
Tomas Cohen Arazi [Tue, 25 Jul 2023 11:20:48 +0000 (08:20 -0300)]
Bug 33964: (QA follow-up) Remove library from cpanfile

Email::Sender::Transport::SMTP::Persistent is part of the Email::Sender
distribution, and a git diff on the repository doesn't show any
difference.

The patch author just took the number from MetaCPAN.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9c3fa90aec58dbc50a7577489a20d1b74556f790)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33964: (QA follow-up) Syntax error in cpanfile
Tomas Cohen Arazi [Tue, 25 Jul 2023 01:18:53 +0000 (22:18 -0300)]
Bug 33964: (QA follow-up) Syntax error in cpanfile

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9b992a797cb1883807448f540aef39e562fb0b1f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33964: (QA follow-up) Handle absence of smtp server
Marcel de Rooy [Thu, 20 Jul 2023 14:11:22 +0000 (14:11 +0000)]
Bug 33964: (QA follow-up) Handle absence of smtp server

Resolve:
Use of uninitialized value in hash element at /usr/share/koha/C4/Letters.pm line 1472.
Use of uninitialized value in hash element at /usr/share/koha/C4/Letters.pm line 1473.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5de1c66fe1a38aafaea690e5075b01b85e685f8e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33964: Use Email::Sender::Transport::SMTP::Persistent for sending email
Kyle M Hall [Thu, 8 Jun 2023 15:57:47 +0000 (11:57 -0400)]
Bug 33964: Use Email::Sender::Transport::SMTP::Persistent for sending email

As described in bug 30013, some outgoing SMTP services ( such as Gmail ) do not like Koha's current behavior of initiating a new connection for each email sent.  If we switch from Email::Sender::Transport::SMTP to Email::Sender::Transport::SMTP::Persistent and store the object for the duration of the message queue processing, this should solve that issue.

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e9ce739b74c1357d4ca8fc0136377b4f15de7f6e)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 32739: (follow-up) QA Cleanup
Martin Renvoize [Tue, 25 Jul 2023 15:28:27 +0000 (16:28 +0100)]
Bug 32739: (follow-up) QA Cleanup

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 3c90dbcb82e16bee63cda729a0db4c94d8d8a78f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 32739: Allow other patron identifier on pwd validation
Tomas Cohen Arazi [Mon, 17 Jul 2023 18:48:20 +0000 (15:48 -0300)]
Bug 32739: Allow other patron identifier on pwd validation

This patch takes a step forward on the password validation endpoint, by
adding  the `identifier` parameter and making it be allowed
to be the patron's `cardnumber` or the `userid`.

The current `userid` only validation option is kept as-is.

The implementation relies on `C4::Auth::checkpw` to query for the
patron.

To test:
1. Apply this patches
2. Run:
   $ ktd --shell
  k$ prove t/db_dependent/api/v1/password_validation.t
=> SUCCESS: Tests pass!
3. Sign off :-D

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 69653a281dcbe2d0d610cbc2be6cc2718b52fca3)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 32739: Unit tests
Tomas Cohen Arazi [Mon, 17 Jul 2023 18:48:09 +0000 (15:48 -0300)]
Bug 32739: Unit tests

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 419d1d4fe9e4dae2e98493b81a74b0193104acfd)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34258: (QA follow-up) Tidy the test
Martin Renvoize [Wed, 19 Jul 2023 14:20:46 +0000 (15:20 +0100)]
Bug 34258: (QA follow-up) Tidy the test

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 328baf44b457bc34cd93ffad8128b79d4ee30a42)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34258: update SIP-related unit test
Andreas Roussos [Thu, 13 Jul 2023 16:02:02 +0000 (16:02 +0000)]
Bug 34258: update SIP-related unit test

Test plan:

1) Run the updated SIP-related unit test *without* having applied
   the other patch from this bug report -- it should fail:

   $ prove t/db_dependent/SIP/ILS.t

2) Apply the patch that fixes C4/SIP/ILS/Transaction/Renew.pm

3) Re-run the unit test -- it should pass.

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5d0b4b4433b1751e16a1ed14b427ae266e4e72a6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34258: pass an unblessed hash to AddIssue()
Andreas Roussos [Thu, 13 Jul 2023 16:01:47 +0000 (16:01 +0000)]
Bug 34258: pass an unblessed hash to AddIssue()

In Koha 23.05, we lost the ability to renew an item via SIP2.

The relevant commit is ddc2906b77 from Bug 31735, where the
file C4/SIP/ILS/Transaction/Renew.pm was modified to no longer
pass an unblessed $patron hash to C4::Circulation::AddIssue()

This patch fixes that.

Test plan:

1) Using the SIP emulator, check out an item to a patron, then
   try to renew it. Example commands for a KTD instance:

   $ misc/sip_cli_emulator.pl -a localhost -p 6001 -l CPL -su term1 -sp term1 -m checkout --patron koha --item 3999900000001
   $ misc/sip_cli_emulator.pl -a localhost -p 6001 -l CPL -su term1 -sp term1 -m renew --patron koha --item 3999900000001

   Notice that the second command will fail!

2) Apply this patch.

3) Repeat the 2nd command -- this time the renewal should work.

4) Run the SIP-related unit tests, they should all pass:

   $ prove t/db_dependent/SIP/
   t/db_dependent/SIP/ILS.t .......... ok
   t/db_dependent/SIP/Message.t ...... ok
   t/db_dependent/SIP/Patron.t ....... ok
   t/db_dependent/SIP/SIPServer.t .... ok
   t/db_dependent/SIP/Transaction.t .. ok

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 54924681d2d6d567e10a248d136a87f02d6f5ca9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34169: (follow-up) Fix ordering from staged files by removing superfluous form
Katrin Fischer [Tue, 18 Jul 2023 07:30:23 +0000 (07:30 +0000)]
Bug 34169: (follow-up) Fix ordering from staged files by removing superfluous form

Removes the unneded new form element as we have one big form for the whole page.

This should fix the situation where only the prices and information
of the first selected record carreid over into the order.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 71377c5e7bd1ecf7731f3891455a5b8fdb461736)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34169: Add decimal class to all relevant input fields in the acquisitions module
Katrin Fischer [Mon, 17 Jul 2023 16:01:25 +0000 (16:01 +0000)]
Bug 34169: Add decimal class to all relevant input fields in the acquisitions module

This is a first step towards more consistency and possibly supporting
multiple input formats as well in the future. It marks all input fields
for monetary values, such as prices, replacement prices etc. with a class
that is linked to a check for number format with the jQuery Validator plugin.

To test:

For any input field to test, try adding various false entries, like "abc" or "1,00".
It should only accept inputs with decimal dot, like: "1.00"

0) Apply patch, restart_all
1) Suggestion
  * Add a new suggestion in the staff interface
  * Test: price input field at the bottom of the form.
  * Accept the suggestion
2) Order form
  * Create a new basket
  * Create an order line from an existing record
  * Test: list price, replacement price, and actual price.
  * Check the checkbox for uncertain price before you save
3) Uncertain prices
  * Go to the uncertain prices page for this vendor
  * Test: price field
    Note: this form does its own validation, but the change should not change behaviour for now
  * Resolve the uncertain price
  * Close order
4) Receive shipment
  * Test: Shipping cost
5) Receive the order
  * Test: replacement price, actual price
  * Check checkbox for price in foreign currency
  * Test: price in foreign currency
  * Receive order line
6) Invoice summary
  * Finish receiving
  * Test: shipping cost
  * Test: invoice adjustments: amount in the form for the first entry, amount in the table after adding it
7) Merging invoices
  * Receive another shipment and create and invoice
  * Go to invoices and search all
  * Check the 2 entries for merging
  * Test: shipping cost
8) Adding orders from a staged/new file
  * Export some records using the cart or list
  * Create a new basket
  * Order from new file
  * Import your file, ignore item records
  * Test: price and replacement price
  + Bonus: also test with items, test plan and file from bug 22802 are really helpful here

Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit c943fddac6ba8b7ab5228b57c59d22adce4becc1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34169: Use jQuery validator plugin to validate amounts
Katrin Fischer [Fri, 14 Jul 2023 15:42:46 +0000 (15:42 +0000)]
Bug 34169: Use jQuery validator plugin to validate amounts

This is a first step towards more consistency and possibly supporting
multiple input formats as well in the future. It allows us to mark all
input fields for monetary values, such as prices, replacement prices,
fees etc. with a class that is linked to a check for the 'number' format
in the jQuery Validator plugin.

This is the base patch that does nothing by itself, please see
test plan in second patch.

Signed-off-by: Michaela Sieber <michaela.sieber@kit.edu>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 6b2308c17bd8add62e5cc7deb095ed28a2e2fcf4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33978: Adding authority from automatic linker closes imported record
Hammat Wele [Wed, 14 Jun 2023 17:20:00 +0000 (17:20 +0000)]
Bug 33978: Adding authority from automatic linker closes imported record

If you import a record, then create an authority record using the automatic linker, it closes the biblio record. The problem occures when a record is edited in a new tab.

To recreate:

1. Import the example records
   1.1. Download the example records
   1.2. Go to Cataloging > Stage records for import
   1.3. Choose the downloaded file
   1.4. Click Upload file
   1.5. Click Stage for import
   1.6. Click View batch
   1.7. Click Import this batch into the catalog
   1.8. Click View detail of the enqueued job
   1.9. Click Manage imported batch

Correct behaviour:

2. In another tab, search for one of the records (for example, Fafounet)
3. Click Edit > Edit record
4. Go to field 100
5. Click Link authorities automatically
   --> It should say 100 - No matching authority found.
6. Click the plus sign next to 100
7. Fill out the mandatory fields by clinking in the text fields (000, 003, 005, 008, 040), field 100 should already be filled
8. Click 'Save'
   --> Authority number is added in 100 and you get to stay in the record for more edits if needed

Incorrect behaviour:

9. Go back to the imported batch tab
10. Click Edit next to the second title (the one by Paventi, Eza)
11. Redo steps 4 to 8
    --> Record is closedclear :(
    The behaviour should be the same, stay in the bibliographic record until it is saved.

12. Apply the patch
13. Redo step 9, 10, 4
14. Edit field 100, Type 'Paventi Test 2'
15. Redo step 5 to 8
    --> Authority number is added in 100 and you get to stay in the record for more edits if needed

Signed-off-by: Phil Ringnalda <phil@chetcolibrary.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ad124fe536aa11380bdce38b4dfc600864159477)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34280: (QA follow-up) perltidy
emlam [Mon, 24 Jul 2023 15:59:17 +0000 (15:59 +0000)]
Bug 34280: (QA follow-up) perltidy

Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 80db7c05b8e393556138878b10ec506062d5eac7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34280: Fix warning in logs when saving patron details
Matt Blenkinsop [Fri, 14 Jul 2023 14:11:28 +0000 (14:11 +0000)]
Bug 34280: Fix warning in logs when saving patron details

If a patron has no valid email address then a warning message appears in the logs when saving:

"Use of uninitialized value $email in string ne at /kohadevbox/koha/Koha/Patron.pm line 1445."

This patch fixes that error by removing an unnescessary string ne

Test plan:
1) Create/choose a patron with no email addresses
2) On the patron record in the page section for Contact information, click edit
3) Now click save
4) The warning above should appear in the logs
5) Apply patch
6) Repeat steps 2 and 3
7) The warning should no longer appear

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0cf5dfcbd8c2e5f896f041faff157c7768b468e6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34213: import_patrons.pl - Fix short version of matchpoint option in POD
Jonathan Druart [Thu, 6 Jul 2023 12:54:11 +0000 (14:54 +0200)]
Bug 34213: import_patrons.pl - Fix short version of matchpoint option in POD

 44     'c|confirm'                      => \$confirm,

 46     'm|matchpoint=s'                 => \$matchpoint,

The POD is wrong.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2442a4537d4d439bdf27e031116f98d880e47e09)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34332: Removed extra parenthesis that was causing an error
Laura Escamilla [Thu, 20 Jul 2023 18:23:32 +0000 (18:23 +0000)]
Bug 34332: Removed extra parenthesis that was causing an error

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit eb84c45da46b0b49dec9e9191aeb85a767d119f7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34334: Item(s) in MARCdetail untranslatable
Owen Leonard [Fri, 21 Jul 2023 10:17:39 +0000 (10:17 +0000)]
Bug 34334: Item(s) in MARCdetail untranslatable

This patch adds a <span> around the text "Item(s)" in the template for
the MARC detail page in the staff interface. Without the span the
translation tool can't detect the string.

To test, apply the patch and update a translation, e.g. fr-FR:

  > cd misc/translator
  > perl translate update fr-FR

- Open the corresponding .po file, in this case
  misc/translator/po/fr-FR-staff-prog.po
- Confirm that the string is now in the .po file for translation. You
  should find these lines:

koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/MARCdetail.tt:146
c-format
msgid "Item(s)"
msgstr "Exemplaire(s)"

I found that the translation was already populated. Install the updated
po file:

 > perl translate install fr-FR

Test the MARC detail page in your translated language to confirm that
the string is correct.

Signed-off-by: Caroline Cyr La Rose <caroline.cyr-la-rose@inlibro.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 92692a2ee96f2eced21849e0ca9fa0b5d7c44801)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33286: Update 'catalog' to 'bibliographic' in preferences
Martin Renvoize [Thu, 20 Jul 2023 15:57:37 +0000 (16:57 +0100)]
Bug 33286: Update 'catalog' to 'bibliographic' in preferences

Correct the terminology to make it clear catalog concerns only concerns
bibliographic records at the moment, not authority records too.

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit c8dbed27f1e3b5f962318b0e158166794974b406)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33556: Avoid relying on $c->validation
Tomas Cohen Arazi [Mon, 29 May 2023 15:10:51 +0000 (12:10 -0300)]
Bug 33556: Avoid relying on $c->validation

Talking to the OpenAPI plugin maintainer, he mentioned the use of $c->validation->output should be avoided as the plugin is not designed to have a stable behavior there, and he even thought of just removing the method.

That method returns an internal data structure the plugin uses to validate things, and then updates the request itself.

Take the following example:

GET /patrons/123
x-koha-embed: checkouts,library

without the OpenAPI plugin, requesting the header like this:

$c->req->headers->header('x-koha-embed')

would return a scalar, the string 'checkouts,library'.

When using the plugin, and with `x-koha-embed` being defined as collectionFormat: csv, that header is entirely replaced by an arrayref.

That's how the plugin works and how it is expected to be used. So we need to replace the uses of $c->validation format, with normal Mojo usage to avoid future headaches.

This patch changes:
* $c->validation->param => $c->param
* $c->validation->param('body') => $c->req->json

To test:
1. Run:
   $ ktd --shell
  k$ prove t/db_dependent/api/v1/*.t
=> SUCCESS: Tests pass!
2. Apply this patches
3. Repeat 1
=> SUCCESS: Tests still pass!
4. Sign off :-D

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 95af4c9de18ebbb686ec2b1291dbf0fa980c9450)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33556: Path parameters are handled explicitly in the controllers
Tomas Cohen Arazi [Thu, 8 Jun 2023 14:52:11 +0000 (11:52 -0300)]
Bug 33556: Path parameters are handled explicitly in the controllers

In the case of $c->objects->search_rs, the variable is just not used.
In the case of /acq/orders, it's a leftover from when we removed in the
helper. Check there are tests with path params everywhere (including
orders) and it has no effect.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit dcbd3e69295a778788f0d3d840b3edc30a8657e1)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34316: Add_credit should rethrow an exception correctly
Marcel de Rooy [Thu, 20 Jul 2023 07:45:05 +0000 (07:45 +0000)]
Bug 34316: Add_credit should rethrow an exception correctly

Found while running Items.t on top of 33608.
Another exception was thrown but not rethrown.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fa9750e24de0a6300d683a1316b64e9bed248c4b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 28493: Make koha-passwd display the username
Mason James [Wed, 21 Sep 2022 11:38:59 +0000 (23:38 +1200)]
Bug 28493: Make koha-passwd display the username

to test...

1/ run command
 $ sudo koha-passwd dev1
 Password for dev1: CraZyPa$$WoRD!!
 Press enter to clear the screen...
 ^C

2/ apply patch

3/ run command again, note 'username' section
 $ sudo koha-passwd dev1
 Username for dev1: koha_dev1  <<<<<<<<<<<<
 Password for dev1: CraZyPa$$WoRD!!
 Press enter to clear the screen...
 ^C

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 4ce7f8c49378c0e32212493779b07e3ab369dee7)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34279: Don't enforce overduefinescap unless it is greater than 0
Kyle M Hall [Fri, 14 Jul 2023 11:36:47 +0000 (07:36 -0400)]
Bug 34279: Don't enforce overduefinescap unless it is greater than 0

When creating a circ rule, we can set overduefinescap to blank or 0 and no cap is enforced. If we edit that rule, the blank/0 is converted to "0.00" which perl considers true, thus zero-ing out any calculated fine.

Considering we've always ignored an overdue fines cap of 0, we should also ignore 0.00. However, perl is evaluating it as a string which makes it true instead of false as 0 is.

Test Plan:
1) Apply the first patch ( unit tests )
2) prove t/db_dependent/Circulation/CalcFine.t
3) Note the test fails
4) Apply the second patch as well
5) prove t/db_dependent/Circulation/CalcFine.t
6) Note the test passes

Test Plan 2:
1) Create an all/all/all rule with an overduefinescap of 0.00, with a
   daily fine. Enable CalculateFinesOnReturn
2) Backdate a checkout so it is overdue
3) Return this item, note the lack of a fine
4) Apply this patch set
5) Backdate a checkout and return it again
6) Note the fine is generated!

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1763b136d1dcd3348ee26bca8663823b5a05f07c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34279: Unit tests
Kyle M Hall [Fri, 14 Jul 2023 11:32:11 +0000 (07:32 -0400)]
Bug 34279: Unit tests

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 8096ec9fff44a04c8ff32525499652116d1a8ad0)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 32271: (QA follow-up) Restore $Price filtering for valid values
Martin Renvoize [Wed, 19 Jul 2023 11:41:28 +0000 (12:41 +0100)]
Bug 32271: (QA follow-up) Restore $Price filtering for valid values

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 093d1959af59423e3a9a69139a4745703b7a399a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 32271: (QA follow-up) Correction to 'can_be_blank' logic
Martin Renvoize [Wed, 19 Jul 2023 11:31:14 +0000 (12:31 +0100)]
Bug 32271: (QA follow-up) Correction to 'can_be_blank' logic

The logic introducing the can_be_blank check into the monetary decimal
format check was flawed and meant we were no longer checking decimal
formatting in the majority of cases. This patch updates that so we pass
the unit tests and correctly check any value passed that's not an empty
string.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit c42725bab4f7f4dc360d9b4fe0417b8b3082d879)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 32271: Unit test
Martin Renvoize [Wed, 19 Jul 2023 11:11:50 +0000 (12:11 +0100)]
Bug 32271: Unit test

Add a unit test for the allow blank option added to the monetary check
in CirculationRules.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 41274ef7516ad09f1f9a5e6723ba7bd53379dd02)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 32271: (QA follow-up) Convert all positive numbers to monetary float and convert...
Kyle M Hall [Fri, 14 Jul 2023 13:08:51 +0000 (09:08 -0400)]
Bug 32271: (QA follow-up) Convert all positive numbers to monetary float and convert all 0 equivilents to blank value

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit daedce4f6ea7d7ae9d4f12cd54e94b0230683a92)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 32271: Fix overdue fines cap (amount) set to 0.00 when editing rule.
Géraud Frappier [Mon, 5 Dec 2022 17:30:40 +0000 (12:30 -0500)]
Bug 32271: Fix overdue fines cap (amount) set to 0.00 when editing rule.

Signed-off-by: Anneli Österman <anneli.osterman@koha-suomi.fi>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit adeb4d54530d6ef8c4adc171846eb7c47a81bb23)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34133: Set default sort on first column (ID) desc
Pedro Amorim [Tue, 27 Jun 2023 15:00:00 +0000 (15:00 +0000)]
Bug 34133: Set default sort on first column (ID) desc

Test plan:

Before applying patch:
* Open incognito at /cgi-bin/koha/ill/ill-requests.pl,
* Verify order is by ASC (lowest ID first)
* Close incognito

Apply patch, then:
* Open incognito at /cgi-bin/koha/ill/ill-requests.pl,
* Verify order is by DESC (highest ID first)

Signed-off-by: Magnus Enger <magnus@libriotech.no>
Followed the test plan from Bugzilla, and added it above.
Works as advertised.
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 67916fc23a518bb1ddc895f6f3e0b27c434b8a92)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33992: Only consider the date when auto-expiring problematic recalls
Aleisha Amohia [Tue, 13 Jun 2023 05:29:22 +0000 (17:29 +1200)]
Bug 33992: Only consider the date when auto-expiring problematic recalls

This patch carries this fix into the misc/cronjobs/recalls/expire_recalls.pl cronjob so that recalls are automatically expired when they have been waiting a problematic number of days, not considering hours, as expected.

To test, follow the test plan from the first patch. This will set you up with a waiting problematic recall.

Run the cronjob manually

perl misc/cronjobs/recalls/expire_recalls.pl

Refresh your 'Recalls awaiting pickup' page. Your problematic recall should be gone/expired.

Expiration dates will apply when expiring any 'unfulfilled' recall i.e. newly requested, overdue to be returned, and awaiting pickup.

Sponsored-by: Auckland University of Technology
Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0d2052088ec62654f81154be0b9916b8e8630891)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: (follow-up) Lower the two digits requirement
Tomas Cohen Arazi [Wed, 19 Jul 2023 14:51:54 +0000 (11:51 -0300)]
Bug 33028: (follow-up) Lower the two digits requirement

This patch makes the code not require two decimal digits, as the main
intention here is to forbid (locale) formatted strings to reach the DB.

The number of digits we support needs to be discussed on its own bug,
and a centralized check implemented.

This patch fixes tests:

prove t/db_dependent/Circulation.t
t/db_dependent/Circulation.t .. 1/67 Exception 'Koha::Exceptions::CirculationRule::NotDecimal' thrown 'The circulation rule expected a decimal value' with name => fine, value => 0.1
t/db_dependent/Circulation.t .. Dubious, test returned 11 (wstat 2816, 0xb00)
Failed 53/67 subtests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 45b050871e7ed882b553f211db97204f30634646)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: (follow-up) Add POD to new Exception
Martin Renvoize [Wed, 19 Jul 2023 10:26:59 +0000 (11:26 +0100)]
Bug 33028: (follow-up) Add POD to new Exception

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit b82f1bd8075e0d14aa9d08293831af4cd8a3059a)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: Unit tests
Martin Renvoize [Wed, 19 Jul 2023 10:21:46 +0000 (11:21 +0100)]
Bug 33028: Unit tests

Add unit tests for is_monetary functionality introduced in the
CirculationRules module.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 88ccaaf3acab9996070a5bcbc057bbe9dad1c771)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: Make exception less generic
Tomas Cohen Arazi [Tue, 18 Jul 2023 18:05:50 +0000 (15:05 -0300)]
Bug 33028: Make exception less generic

While testing this bug I found Circulation.t was failing, but the
exception doesn't actually display anything useful in terms of helping
debug what's going on.

This patch makes it add the rule_name and rule_value to the message.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9b7c077c9ddade728a7d84a1cf2f5b62cc4d4841)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: (QA follow-up) Tidy introduced code
Tomas Cohen Arazi [Tue, 18 Jul 2023 17:28:27 +0000 (14:28 -0300)]
Bug 33028: (QA follow-up) Tidy introduced code

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 82bdaa8fbcdf836dd2fea93850173f15f17b7de9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: DBRev 23.05.01.004
Tomas Cohen Arazi [Tue, 18 Jul 2023 17:24:46 +0000 (14:24 -0300)]
Bug 33028: DBRev 23.05.01.004

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 86c2d9d1e96f318615ca6c83d6bfd685723ab5c9)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: Perltidy database update script
Katrin Fischer [Tue, 11 Jul 2023 13:23:40 +0000 (13:23 +0000)]
Bug 33028: Perltidy database update script

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit f0a3b98cdb1ae0938403bf919f5494e2708821c4)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: Throw exception if not passed a decimal number
Martin Renvoize [Mon, 3 Jul 2023 12:45:28 +0000 (13:45 +0100)]
Bug 33028: Throw exception if not passed a decimal number

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit d5b1041f43c2a6d8b82f6ee88c1ecf6aaaeb9cae)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: (follow-up) Apply unformat_price to decimal fields
Martin Renvoize [Tue, 27 Jun 2023 15:54:02 +0000 (16:54 +0100)]
Bug 33028: (follow-up) Apply unformat_price to decimal fields

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 461c1931b9137bfcf64c5ec9a5bc3f127727ec14)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: (follow-up) Add unformat_price js function
Martin Renvoize [Tue, 27 Jun 2023 15:22:36 +0000 (16:22 +0100)]
Bug 33028: (follow-up) Add unformat_price js function

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 31cbd5ce946832234c8eb6b99729d781e75fd4bc)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: (follow-up) Rewrite database update
Katrin Fischer [Fri, 16 Jun 2023 17:01:52 +0000 (17:01 +0000)]
Bug 33028: (follow-up) Rewrite database update

This rewrite the database update with some things in mind:

* We now use a positive value list of allowed characters to check
  This makes sure that all of those are recognized:
  1,00
  1.00€
  abc
* Instead of dying after finding one wrong value, we loop through
  all values first, building up an error string
* When we have errors... we die and print the full list of things
  that need fixing.

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0199f5fbbb50cbc4656cbeb73c269a7cc6718e55)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: Add TT filters for Price and pattern checks to input fields
Katrin Fischer [Fri, 16 Jun 2023 16:59:22 +0000 (16:59 +0000)]
Bug 33028: Add TT filters for Price and pattern checks to input fields

With this patch, all monetary values in the table will be displayed
formatted.

Also, the input will be checked against our agreed pattern to make
sure no false values can be entered.

Missing: When editing a rule, we need to unformat the value, so that
instead of the display format we have the input format available
for editing.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 3c2d40bb4a05687eca67a8e06befd5d43d0a4b9d)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: Add is_monetary to recall_overdue_fine and article_request_fee
Katrin Fischer [Fri, 16 Jun 2023 16:57:51 +0000 (16:57 +0000)]
Bug 33028: Add is_monetary to recall_overdue_fine and article_request_fee

This patch marks the 2 missing monetary values for recal over due fines
and article request fees as monetary.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e2634097c15d808d4e9a96e33efa9ab245bba88c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: (follow-up) Fix trailing 0 decimals
Martin Renvoize [Fri, 3 Mar 2023 11:33:46 +0000 (11:33 +0000)]
Bug 33028: (follow-up) Fix trailing 0 decimals

We want to recognise the truthyness of a number vs string so we drop
trailing decimals if they're just 0.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 598970a1223b9af043b1977965322758565f7d06)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: (follow-up) Move monetary definition into hash
Martin Renvoize [Fri, 3 Mar 2023 11:28:20 +0000 (11:28 +0000)]
Bug 33028: (follow-up) Move monetary definition into hash

This patch moves the defintion of monetary rule type into the rule kinds
hash.

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2b48a948cbe7f14526e4ea8836e5175e38ab9d20)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33028: Fix calculations around cronjob fines.pl
Thibaud Guillot [Tue, 21 Feb 2023 16:05:45 +0000 (17:05 +0100)]
Bug 33028: Fix calculations around cronjob fines.pl

When currency format is set on FR commas are decimals separators
but when cron like fines.pl try to calculate fines it's fails due to
this format.

I changed this behavior by targetted 'fine' and 'overduefinescap' in
circulation_rules.rule_name to unformat them when we save them.

This also fix the display in smart_rules table (before with commas price
was not good displayed - without decimals)

Test Plan :
1) Set your currency format on 'FR' and 'fine' OR/AND 'overduefinescap'
with commas
2) Be sure to have some patron overdues
3) Run ~/misc/cronjobs/fines.pl with args to find overdues
4) See an error like 'isn't numeric in substraction[..] or gt > [...]'
5) Run updatedatabase script (it will replace commas in your rules
changed in step 1) )
6) Repeat step 3 and see that everything was going "fine" (:tada:)

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1f9e161b412621c048c55741bab56b92c0b01a15)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 33117: Make dbrev idempotent
Tomas Cohen Arazi [Mon, 7 Aug 2023 18:13:46 +0000 (15:13 -0300)]
Bug 33117: Make dbrev idempotent

QA didn't spot the issue, nor I. So fixing now.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 951e67a1b3dd1f26eddeaecd2dc63991f9667927)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoUpdate release notes for 23.05.02 release v23.05.02
Fridolin Somers [Fri, 28 Jul 2023 21:27:35 +0000 (11:27 -1000)]
Update release notes for 23.05.02 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoIncrement version for 23.05.02 release
Fridolin Somers [Fri, 28 Jul 2023 21:10:08 +0000 (11:10 -1000)]
Increment version for 23.05.02 release

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoTranslation fixes for Koha 23.05.02
Fridolin Somers [Fri, 28 Jul 2023 21:08:22 +0000 (11:08 -1000)]
Translation fixes for Koha 23.05.02

Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoMerge remote-tracking branch 'translate/23.05.02-translate-20230728' into 23.05.x...
Fridolin Somers [Fri, 28 Jul 2023 19:34:04 +0000 (09:34 -1000)]
Merge remote-tracking branch 'translate/23.05.02-translate-20230728' into 23.05.x-security

15 months agoTranslation updates for Koha 23.05.02
Koha translators [Fri, 28 Jul 2023 19:26:37 +0000 (16:26 -0300)]
Translation updates for Koha 23.05.02

15 months agoBug 33881: Clear self-check JWT during auth kick out
David Cook [Tue, 6 Jun 2023 03:48:06 +0000 (03:48 +0000)]
Bug 33881: Clear self-check JWT during auth kick out

This patch clears the JWT cookie during auth kick out (ie
when a web user navigates from the self-check out/in to
the rest of Koha).

Test plan:
0. Apply patch and koha-plack --reload kohadev
1. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
2. Log in as the "koha" user
3. In another tab, go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
4. Go to http://localhost:8080/cgi-bin/koha/opac-search.pl?idx=&q=a&weight_search=1
5. Note that you are prompted to "Log in to your account" via the normal Koha prompt
6. Go to http://localhost:8080/cgi-bin/koha/sco/sco-main.pl
7. Note that you are prompted to "Log in to your account" within the "Self checkout system",
and note that your self-checkout session for the "koha" user has *not* persisted like
it did before the patch was applied

Signed-off-by: Andrew Fuerste-Henry <andrewfh@dubcolib.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 1fa961b97b8f52d1c9920c72d9338d150deb829b)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 30524: (QA follow-up) Fix tests
Tomas Cohen Arazi [Fri, 28 Jul 2023 13:40:28 +0000 (10:40 -0300)]
Bug 30524: (QA follow-up) Fix tests

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 158edb411b32253fae4f068ce416d6ad4d1a67d3)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 30524: (QA follow-up) Unit tests for GenerateCSRF()
Tomas Cohen Arazi [Thu, 27 Jul 2023 18:33:55 +0000 (15:33 -0300)]
Bug 30524: (QA follow-up) Unit tests for GenerateCSRF()

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 60d11ae7251a227fab3977ecd61cb01d0f062f79)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 30524: (QA follow-up) Only generate CSRF token if it will be used
Kyle M Hall [Thu, 27 Jul 2023 11:45:57 +0000 (07:45 -0400)]
Bug 30524: (QA follow-up) Only generate CSRF token if it will be used

This patch avoids generating CSRF tokens unless the csrf-token.inc file
is included in the template.

Passed token doesn't need HTML escaped. The docs for WWW::CSRF state:
  The returned CSRF token is in a text-only form suitable for inserting into a HTML form without further escaping (assuming you did not send in strange things to the Time option).

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit ddf1eb6cef14da365675890920ff72f010c59527)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34023: Prevent HTML injection in "back to results" link from search page
Michał Górny [Fri, 16 Jun 2023 14:16:37 +0000 (16:16 +0200)]
Bug 34023: Prevent HTML injection in "back to results" link from search page

It is possible inject raw HTML into the "Back to search results" link by leading the user to a search with specially crafted URL.

For example, using the demo instance:

1. Visit https://koha.adminkuhn.ch/cgi-bin/koha/opac-search.pl?idx=&q=test&weight_search=1&%22%3Etest%3Ca%20foo=%22

2. Refresh the page (for some reason, "back to results" doesn't appear unless I do that at least once).

3. Click any result.

Note that the result page now contains:

  <a href="opac-search.pl?idx=&amp;q=test&amp;weight_search=1&amp;">test<a foo=%22" title="...

i.e. `">test<a ...` was successfully injected into the HTML.

I'm attaching a quick patch I've used to patch up our instance.  It just indiscriminately URI-escapes all parameter keys.  I didn't decode them back since as far as I understand all valid keys do not contain special characters.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e86e81a2480ec5486660bac241c694210eaefa11)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 22990: (follow-up) Fix suggestion.pl
Martin Renvoize [Thu, 13 Jul 2023 09:40:38 +0000 (10:40 +0100)]
Bug 22990: (follow-up) Fix suggestion.pl

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 64500a92130f6e879b6a49b5ee7c9f45b7554170)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 22990: Fix template toolkit syntax issues in shelves_results.tt
David Cook [Wed, 11 May 2022 07:06:55 +0000 (07:06 +0000)]
Bug 22990: Fix template toolkit syntax issues in shelves_results.tt

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit fd69581fcf743c6720cc8b5fba687f75fc613321)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 22990: Fix for shelves table
Martin Renvoize [Thu, 16 Sep 2021 14:13:23 +0000 (15:13 +0100)]
Bug 22990: Fix for shelves table

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit c0f232250e1186dd217e77db7e121a0b98a789cb)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 22990: Add CSRF protection to boraccount, pay and suggestion
Amit Gupta [Wed, 22 Jan 2020 16:07:22 +0000 (21:37 +0530)]
Bug 22990: Add CSRF protection to boraccount, pay and suggestion

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Test plan would have been nioe.
Tested by changing MAX_AGE with suggestions.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 833d1dc8b082cc742b88e358edef77960b5ffc2f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34368: Add CSRF token to Content Management pages
David Cook [Tue, 25 Jul 2023 05:18:00 +0000 (05:18 +0000)]
Bug 34368: Add CSRF token to Content Management pages

This change adds a CSRF token to the Content Management pages
at additional-contents.pl.

Test plan:
0. Apply patch
1. koha-plack --restart kohadev
2. Try to add "News", "HTML customizations", and "Pages".
3. Try to delete these new content entries
4. Note that you were successful in your endeavours

JD amended patch: remove empty line removal (no need to create
unecessary conflicts)

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit e97fae72141446b0a2fb06c454c601966e5f3494)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 30524: Unit tests
Martin Renvoize [Fri, 23 Jun 2023 10:52:28 +0000 (11:52 +0100)]
Bug 30524: Unit tests

Test plan:
Run t/Output.t
Run t/db_dependent/Auth.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2918f6ceda533719ac0da53d8245ea4826f43681)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 30524: Core CSRF checking code
Martin Renvoize [Wed, 13 Apr 2022 12:55:04 +0000 (13:55 +0100)]
Bug 30524: Core CSRF checking code

Split out from bug 22990 as requested.

Signed-off-by: David Cook <dcook@prosentient.com.au>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit aba9e61cfbab1e915f1be4a527b5708b9ec59c35)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34029: (RMaint) fix DBRev name
Fridolin Somers [Fri, 28 Jul 2023 07:12:10 +0000 (21:12 -1000)]
Bug 34029: (RMaint) fix DBRev name

15 months agoBug 34181: Fix jQuery selector to make delete checkboxes reappear
Katrin Fischer [Sun, 16 Jul 2023 14:11:19 +0000 (14:11 +0000)]
Bug 34181: Fix jQuery selector to make delete checkboxes reappear

Bug 32257 changed the page structure slightly to fix a display
issue with the labels. This resulted in a broken selector in the
function for displaying the checkboxes for deleting/emptying a
certain patron field.

To test:
* Go to Tools > Batch patron modifications
* Enter some cardnumbers or borrowernumbers
* On the batch patron edit form, verify that the checkboxes
  behind each input field are missing
* Apply patch
* Verify the checkboxes reappeared
  * Verify that for mandatory fields the checkbox is locked
* Make some batch edits and verify the checkboxes work as
  intended

Signed-off-by: Lisette Scheer <lisette.scheer@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit d81b009ab0634e1ae33a1bb5cf20cad538bb361f)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34337: (bug 33581 follow-up) Sample patrons not inserted
Jonathan Druart [Fri, 21 Jul 2023 09:27:26 +0000 (11:27 +0200)]
Bug 34337: (bug 33581 follow-up) Sample patrons not inserted

The "select all" link for the optional sample data is not selecting
holidays and patrons.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 39496af98f3d6408821636b92c5f6e3a25e5e71c)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34178: (QA follow-up) Tidy
Martin Renvoize [Wed, 19 Jul 2023 09:24:32 +0000 (10:24 +0100)]
Bug 34178: (QA follow-up) Tidy

Tidy the relevant lines to pass the new QA rules

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34178: Adjust tests
Nick Clemens [Fri, 30 Jun 2023 19:32:36 +0000 (19:32 +0000)]
Bug 34178: Adjust tests

We need to clear the cache when changing rules/statuses

To test:
1 - prove -v t/db_dependent/Holds/DisallowHoldIfItemsAvailable.t

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoBug 34178: Cache ItemsAnyAvailableAndNotRestricted in memory and don't precalculate
Nick Clemens [Fri, 30 Jun 2023 19:26:40 +0000 (19:26 +0000)]
Bug 34178: Cache ItemsAnyAvailableAndNotRestricted in memory and don't precalculate

There are several places in the code where we precalculate ItemsAnyAvailableAndNotRestricted to avoid
looping on this routine when calling IsAvailableForItemLevelRequest on a list of items form a biblio

The value of ItemsAnyAvailableAndNotRestricted is only used when there is a circulation rule for
'onshelfholds' with a value of '2' (If all unavailable)

Rather than calculate a value that may never be used, let's cache this value per request when we do
calculate it - and reuse the cached value

To test:
 1 - Apply patch
 2 - Set circulation rule 'On shelf holds allowed' as 'If all unavailable'
    make sure the rule applies to all of the items/patrons you test with
 3 - Find a record with two items that are available
 4 - Try to place a hold for a patron - not allowed
 5 - Check out one item to another patron
 6 - Attempt hold - still not allowed
 7 - Check out second item to another patron
 8 - Attempt hold - allowed!
 9 - Apply patch
10 - Cancel and replace hold - it is allowed!
11 - Check in one item, and cancel hold
12 - Place hold - not allowed!
13 - Check in second item
14 - Place hold - not allowed!
15 - prove -v t/db_dependent/Holds/DisallowHoldIfItemsAvailable.t

Signed-off-by: Sam Lau <samalau@gmail.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
15 months agoRMAINT: Remove x-koha-query usage in biblios.t
Tomas Cohen Arazi [Tue, 13 Jun 2023 13:44:47 +0000 (10:44 -0300)]
RMAINT: Remove x-koha-query usage in biblios.t

RMAINT Comment: We remove x-koha-query in the header support
inadvertantly when backporting bug 33974. As such we backport the test
fix only for bug 33971.

This patch removes handling of x-koha-query from the tests.

To test:
1. Run:
   $ ktd --shell
  k$ prove t/db_dependent/api/v1/biblios.t
=> SUCCESS: Tests pass
2. Apply this patch
3. Repeat 1
=> SUCCESS: Tests still pass! Change from x-koha-header to q= gives same
results.
4. Sign off :-D

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0f1b048b5d1a0e575a0352b978a21297cc282ad5)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
15 months agoBug 33671: (follow-up) Disable FK check for column change
Marcel de Rooy [Wed, 12 Jul 2023 14:09:35 +0000 (14:09 +0000)]
Bug 33671: (follow-up) Disable FK check for column change

See also BZ report. As suggested by Tomas.

NOTE: The dbrev is extended too for removing records with a failing guarantor_id
foreign key (theoretically not present obviously).

Test plan:
1) cp installer/data/mysql/db_revs/220600048.pl installer/data/mysql/atomicupdate/
2) Run updatedatabase.pl
3) Remove copied file

Bonus:
Manually remove FK constraint before running updatedatabase.
Insert a record with bad guarantor_id into relationships manually.
Run the update again.
You should not see the message that the constraint is removed.
Is the bad record count reported and record removed?

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Simplified. No longer removes the FK. Just disables during ALTER.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 0397251ece455801d5b3083feb84cf959cfcea83)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
15 months agoBug 34303: Only perlcritic files from git repo
Marcel de Rooy [Tue, 18 Jul 2023 10:59:33 +0000 (10:59 +0000)]
Bug 34303: Only perlcritic files from git repo

Test plan:
Run t/00-testcritic.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
JD amended patch: tidy

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 2bc251cfdd1efdf6d0f7f299838ff067744ff17b)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
15 months agoBug 31339: Add staff wrapper template include for tool plugins
David Cook [Tue, 23 Aug 2022 06:27:59 +0000 (06:27 +0000)]
Bug 31339: Add staff wrapper template include for tool plugins

This change adds a template include which can be used as a
WRAPPER for tool plugins, which makes it easy to pages in tool
templates without having to copy and maintain a lot of template
boilerplate.

Test plan:
0. Apply patch and koha-plack --restart kohadev
1. Upload koha-plugin-test-wrapper
2. Enable the plugin
3. Click "Actions" and click "Run tool"
4. Note how the plugin page looks like a perfect Koha Tools page
5. Note that the plugin only contains 6 lines of template code
to achieve this effect

Signed-off-by: David Nind <david@davidnind.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit bc13d57e02083a541411aa964cb244a0e75ae8d5)
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>