Kyle M Hall [Fri, 19 Jul 2024 13:54:44 +0000 (09:54 -0400)]
Bug 29509: (QA follow-up) Tidy atomic update
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 0505531cde2e0513a2c8fbc3c91d18f9ae3a3a89) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Tue, 7 May 2024 13:18:04 +0000 (14:18 +0100)]
Bug 29509: (QA follow-up) Check top level permissions too
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 56c7c3782b2ceacbbd2777ec0f3fa9955e877d2c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Mon, 22 Jan 2024 16:49:56 +0000 (16:49 +0000)]
Bug 29509: Update swagger specification and add permissions to users
This patch removes the 'edit_borrowers', 'manage_bookings',
'lable_creator', 'routing' and 'order_manage' permissions from the list
of options in the patrons list endpoint.
We then assign the new 'list_borrowers' permission to any users who have
those removed permissions
Test plan
1) Apply patch and run the database update
2) Users with any of the permissions listed above should now also have
the 'list_borrowers' permission too.
3) Check that patron searching continues to work from the various
locations in the UI for the above affected users
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Incorporated second patch and removed 1<<4. 16 reads much better :)
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 85ea79c45b6f95baee9ec955c6c09046808771b5) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
If syspref "noItemTypeImages" is disabled, holdings table won't display
itemtype column. This patch fixes this.
To reproduce:
1. Enable syspref "noItemTypeImages".
2. Find biblio with items.
=> Note that itemtype column is displayed on holdings table.
3. Disable syspref "noItemTypeImages".
=> Itemtype column is no longer displayed on holdings table.
4. Apply this patch.
=> Now column should be displayed correctly.
Sponsored-by: Koha-Suomi Oy Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 313f7e86b8b9bb063d07be292dd352c2f889fa99) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Andreas Roussos [Mon, 1 Jul 2024 14:27:42 +0000 (14:27 +0000)]
Bug 37226: append a random number to the `id` attribute of each <li>
When you view the authority details page for a term that contains more
than one terms with broader relationship, clicking on the expand/collapse
arrows next to the top-level terms in the hierarchy tree will not work
properly, i.e. *only one* broader term will show the narrower term under
it at any given time.
This is affecting both the OPAC and the Staff interface.
This is happening because in the HTML source of the page the individual
<li> elements associated with each node do not have unique `id` values,
which confuses the JavaScript library (jsTree) responsible for rendering
the hierarchy tree.
This patch fixes that by appending a random number to each `id` attribute.
Test plan:
0) Enable the AuthDisplayHierarchy System Preference (set to 'Show').
1) Copy the provided MARC21 Authority sample data (sample-data.mrc)
to your KTD Koha container (it must have MARC21 marc flavour):
2) Import the provided authorities (the sample file contains three
Geographic Name records):
WARNING! the --delete switch is passed to bulkmarcimport.pl
WARNING! this will erase any authority data you have in your instance!
(this is done to retain the broader/narrower authid associations)
In the authority hierarchy tree, click the arrows next to 'Europe'
and 'Greece' to expand and show the narrower term: notice how only
one item works at any given time.
4) Apply the patch.
5) Repeat step 3) (refresh the pages) -- this time you should be able
to view 'Athens' as a narrower term of both 'Europe' and 'Greece'
at the same time.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 24e54b1fd4b241a0d5723ff7ec97b2fe9645d577) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Eric Garcia [Tue, 16 Jul 2024 17:00:43 +0000 (17:00 +0000)]
Bug 37343: Fixed search for vendors when transferring an item in acquistions
To test:
1. Have several vendors in acquistions
2. Add a basket and click "+Add to basket"
3. I used an mrc file to add an order from a new file
4. Stage for import -> add staged files to basket
5. Select the items and choose an item type
6. In the Orders table click 'Transfer' under the 'Modify' column
7. Try searching for vendors, nothing happens.
8. Apply patch restart_all
9. Click 'Transfer' again and try searching for vendors.
10. Notice vendors appear
NOTE:
Vendor search is a GET operation not POST. Use 'do_search' instead of 'cud-do_search'.
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 54575f3c30f6eab9adf2078ffcb92cee05a987dc) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Matt Blenkinsop [Fri, 28 Jun 2024 13:53:10 +0000 (13:53 +0000)]
Bug 29087: (QA follow-up): Fix QA tests
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
[EDIT] Conform BZ comment31 Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 7f5e1fac86bf7eaa3f217a8e41cc4522e7fe9c3c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Matt Blenkinsop [Tue, 16 Apr 2024 12:47:16 +0000 (12:47 +0000)]
Bug 29087: Add unit tests
prove t/db_dependent/Koha/Items.t
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 44d3762a6921a323443ca56996fc55d5e96cc9b8) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Fri, 19 Nov 2021 12:27:44 +0000 (13:27 +0100)]
Bug 29087: Prevent filter_by_for_hold to crash if default holdallowed is not_allowed
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 8c804c17493ecc9cb993c5434644c1b2a860bae3) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Pedro Amorim [Fri, 5 Jul 2024 13:28:24 +0000 (13:28 +0000)]
Bug 37260: Check message broker for both 'about' and 'sysinfo' tabs
Test plan:
1) Apply test patch only
2) Visit <staff_url>/cgi-bin/koha/about.pl
3) Notice it shows 'Using RabbitMQ' (it should show 'Using SQL polling')
4) Apply this patch, repeat 3)
5) Notice it now shows 'Using SQL polling'
6) Remove test patch. Notice it shows 'Using RabbitMQ' again.
7) Repeat test plan but for /cgi-bin/koha/about.pl?tab=sysinfo tab
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 6a321c6ee44413e1e3601d1d9fcd727788e2bb3f) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Tue, 18 Jun 2024 19:34:52 +0000 (19:34 +0000)]
Bug 37111: Fix renew link on opac-user.tt
To test:
1. Check some items out to a patron
2. Set the username and apssword for the patron so that you can log in as that patron.
3. Log in to the OAPC as that patron.
4. Go to Your account > Summary (the default landing page after you log in).
5. Click "Renew" for one of the items.
6. You get the error as above.
7. APPLY PATCH
8. Try steps 1 -5 again, you should not get an error.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Alexander Wagner <alexander.wagner@desy.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 58838fc263ecc9a843c94520e373030c77fc4eed) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Tue, 18 Jun 2024 19:34:24 +0000 (19:34 +0000)]
Bug 37111: Add submit-form asset to OPAC assets
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Alexander Wagner <alexander.wagner@desy.de> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 6c56d3d90b92a4ca6f7120a187adb35d3e6fd914) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Wed, 17 Jul 2024 15:10:24 +0000 (15:10 +0000)]
Bug 37371: Move Maskito instantiation to onReady ( OPAC )
To test:
1. Find a any date picker in Koha, like DOB in the patron record.
2. Add a date, either manually or using the date picker.
3. Once there is a date like 07/15/2024 try to edit only part of the
date, or the '15'.
4. The date easily becomes malformed.
5. APPLY PATCHSET, maybe clear your browser cache too
6. Try directly inputing dates. I would suggest the following places:
-Patron record DOB
-Specify due date on circ/circulation.pl as this includes time
-Add item screen, this is the dateaccessioned plugin
-OPAC self reg/self modify
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit bae3203f700cdac634b5bd3c65e02902c8ae50bf) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Wed, 17 Jul 2024 14:58:14 +0000 (14:58 +0000)]
Bug 37371: Move Maskito init to onReady in dateaccessioned.pl
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit f723c33d480dbd1883fa32dc85e6cc0bd8a5c0a0) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Wed, 17 Jul 2024 14:50:42 +0000 (14:50 +0000)]
Bug 37371: Set overwrite mode to replace
In our case I think overwriteMode needs to be set to replace:
https://maskito.dev/core-concepts/overwrite-mode Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 0f04c9a26afe02824e1c3b213a4c0f8ad212278c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Wed, 17 Jul 2024 14:08:58 +0000 (15:08 +0100)]
Bug 37371: Move Maskito instantiation to onReady
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 7e1de5b5574bf09cdc9c4f83f6f0acd916c6d6cf) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Emily Lamancusa [Fri, 28 Jun 2024 21:02:50 +0000 (17:02 -0400)]
Bug 37216: (follow-up) Clear invalid value
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 37683ffd695f6cc0c356325e8b9f2c2a516e1477) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Fri, 28 Jun 2024 15:03:03 +0000 (16:03 +0100)]
Bug 37216: (QA follow-up) Add update to set existing options
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit fbcdce5e0a00da4eb8884a7786ead92db966ad16) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Emily Lamancusa [Thu, 27 Jun 2024 20:27:37 +0000 (16:27 -0400)]
Bug 37216: Fix SQL for EmailFieldSelection
Test plan:
Part A: New installation
1. Start a fresh test instance
2. Set EmailFieldPrimary to "selected addresses", and do not touch
EmailFieldSelection
3. Edit a patron to ensure the following fields are set:
- Primary email
- Secondary email
- Alternate email
- Enable email notices for item checkout
4. Attempt to check an item out to that patron
--> Koha explodes!
5. Apply patch
6. reset_all
7. Repeat steps 2-4
--> Checkout succeeds!
8. Ensure test plan for bug 12802 still passes
Part B: Upgraded installation
1. Start a fresh test instance at version 23.11
2. Switch to main
3. Install database update
4. Set EmailFieldPrimary to "selected addresses", and do not touch
EmailFieldSelection
5. Edit a patron to ensure the following fields are set:
- Primary email
- Secondary email
- Alternate email
- Enable email notices for item checkout
6. Attempt to check an item out to that patron
--> Koha explodes!
7. Go back to 23.11 and reset_all
8. Switch to main and apply patch
9. Repeat steps 4-6
--> Checkout succeeds!
10. Ensure test plan for bug 12802 still passes
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 89a0c62da407e5981f7bc30b12691f0a1546905d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Mon, 12 Aug 2024 12:10:12 +0000 (12:10 +0000)]
Bug 37508: Don't return Internal server error when running report
To test:
1 - Create a report like:
SELECT "a"
FROM borrowers
WHERE <<Test>> != ''
2 - Run report
3 - Enter "password"
4 - Internal server error / stacktrace
5 - Apply patch
6 - Repeat
7 - Get a yellow warning box
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
David Cook [Wed, 7 Aug 2024 01:15:10 +0000 (01:15 +0000)]
Bug 37508: Test for errors when returning an aliased password column
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 37508: Throw error if password column is detected in SQL report
This enhancement prevents SQL queries from being run if they would return a password field from the database table.
To test:
1. Run tests and notice they fail t/db_dependent/Reports/Guided.t
2. Apply patch and restart services
3. Create a public report with an SQL report which would access a password column in a database table
4. Try to run the report. Notice you are met with an error and the results are not shown.
5. Access the JSON URL, you should not get the results and should be shown an error
6. Confirm tests pass t/db_dependent/Reports/Guided.t
Sponsored-by: Reserve Bank of New Zealand Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 37370: Return 400 if OpacExportOptions does not contain the passed format
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit a164c51d78f375d9d660e2c079cc7e05d2d1d326) Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
David Cook [Thu, 25 Jul 2024 06:44:37 +0000 (06:44 +0000)]
Bug 37466: Add correct filter for sort_by in results.tt
This patch replaces the $raw filter with the correct uri filter
for the sort_by in results.tt
Test plan:
1. Apply patch
2. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=1
3. Click on "Edit this search"
4. Note that the "Popularity (most to least)" Sort by option is selected
5. Go to /cgi-bin/koha/catalogue/search.pl?count=20&sort_by=popularity_dsc&idx=kw&q=24y24ty2498294t9824yt9y23
6. Click on "Edit this search"
7. Note that the "Popularity (most to least)" Sort by option is selected
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5148e05d408b43c0eb330683ffa4c26c90faa696) Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
David Cook [Thu, 25 Jul 2024 06:56:18 +0000 (06:56 +0000)]
Bug 37464: Validate "type" sent to barcode/svc
This change validates the "type" sent to the barcode/svc. Without this
change, we pass the user input directly to GD::Barcode, which passes
the input into an eval{} block without any validation of its own.
Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=bad&barcode=123456
3. Note that a Code39 barcode is provided for an invalid type
4. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=Code39&barcode=123456
5. Note that a Code39 barcode is provided
6. Go to http://localhost:8081/cgi-bin/koha/svc/barcode?type=UPCE&barcode=123456
7. Note that a non-Code39 barcode is provided (presumably UPCE)
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 73b0c3cf621250008845f22f7a36f90a48e00b06) Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
David Cook [Fri, 26 Jul 2024 04:01:43 +0000 (04:01 +0000)]
Bug 37488: Validate paths in datalink.txt/idlink.txt files
This change validates the paths in datalink.txt/idlink.txt,
so that only images in the unpacked archive directory are allowed
Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Create a datalink.txt file with the following:
42,selfie.jpg
3. Create a jpeg at selfie.jpg
4. ZIP the datalink.txt and selfie.jpg files
5. Upload to the "Upload patron images" tool
(after enabling the "patronimages" system preference)
6. Note that the image uploads correctly
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 8fcb767fe2836c90ceacb5b5d8211524571eb8aa) Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
David Cook [Fri, 26 Jul 2024 03:27:22 +0000 (03:27 +0000)]
Bug 37323: Tidy
Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 579c28c764257a250c12aa11207772c074c1335e) Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Chris Cormack [Thu, 18 Jul 2024 23:57:32 +0000 (23:57 +0000)]
Bug 37323: Don't allow symlinks in link files in zip and validate filepaths
Test plan:
0. Apply patch and restart/reload Koha
1. Test that uploading a patron image still works, in single file format and as a zip
Work as suggested
Signed-off-by: Amit Gupta <amit.gupta@informaticsglobal.com> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 9bc0521493fbe2f9fe0dde051d0b2f52c8a14a9a) Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Amit Gupta [Thu, 11 Jul 2024 17:43:06 +0000 (23:13 +0530)]
Bug 37323: Escape characters in patron image picture upload
To Test
1. Create a file name for example: test.zip`curl xxxxtesting.informaticsglobal.com`.zip
where the domain is one you can watch the logs from.
2. Go to Tools and click on Upload patron images choose option zip file and upload the file.
3. Check /var/log/apache2/access.log and see the curl with the IP
"xx.xxx.xx.xxx - - [11/Jul/2024:23:10:33 +0530] "GET / HTTP/1.1" 200 267 "-" "curl/7.68.0"
4. Apply the patch
5. Repeat 2 and 3 step and check no error is coming for the Remote execution error.
6. Test uploading actual zip file and images still works.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
(cherry picked from commit 5c931e00f73e91467581fd29721e5af8d7fa98ab) Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Bug 37255: Fix handling of "All" values on waiting hold cancellation policy
If one creates a default waiting hold cancellation policy with
patron categories set as "All" and itemtype set as "All", Koha
breaks on 500 error. This happens because in we try to match
template policy with "All" values either in category or itemtype
with *, not undef. This patch fixes this.
To test:
1. Create a new default waiting hold cancellation policy and
set both patron category and itemtype as "All".
2. Save policy.
=> Error page for error 500 is displayed.
3. Apply this patch.
4. Reload page.
=> Page is displayed and policy listing displays new policy
as it should.
Sponsored-by: Koha-Suomi Oy Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Pedro Amorim <pedro.amorim@ptfs-europe.com> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Andreas Jonsson [Wed, 31 Jul 2024 09:06:02 +0000 (09:06 +0000)]
Bug 37533: Fix query in orderreceive.tt
The new validation in the REST API will no longer allow
the operator "in". Consequently, it has to be replaced
with the allowed "-in".
Test plan:
* Open an invoice and click "Go to receipt page" and
on any basket click "receive" and make sure the dialog
box appears.
Signed-off-by: Aleisha Amohia <aleishaamohia@hotmail.com> Signed-off-by: David Cook <dcook@prosentient.com.au> Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Hammat Wele [Thu, 27 Jun 2024 14:09:04 +0000 (14:09 +0000)]
Bug 37210: Escape single quote in search string in overdue.pl
To Test:
1. Go to /cgi-bin/koha/circ/overdue.pl
2. In the «Name or card number» field, type «Tommy'and(select(0)from(select(sleep(10)))v)and'»
3. Apply the filter
==> It takes 10 seconds, sleep(10) is executed
4. Inspect the page, in «Patron category:» field, put «Tommy'and(select(0)from(select(sleep(10)))v)and'» in one of his option's value
5. select the option from the filter and Apply the filter
==> It takes 10 seconds, sleep(10) is executed
we can inject SQL to the followin field : borname, itemtype, borcat, holdingbranch, homebranch and branch
6. Apply the patch
7. Repeat step 1,2,3
==> it doesn't take 10 seconds, the injected sql is not executed
8. Repeat step 5
==> it doesn't take 10 seconds, the injected sql is not executed
9. Repeat step 5 with the followin field : itemtype, holdingbranch, homebranch and branch
==> it doesn't take 10 seconds, the injected sql is not executed
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
The /libraries/{library_id}/cash_registers endpoint was missing the
library_id parameter definition from the swagger specification.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 466d38f18d43e968f3b69562c1ee018177953681) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
The /libraries/{library_id}/desks endpoint was missing the
library_id parameter definition from the swagger specification.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 6aadc4a42308815803ac77c124ac4e778141e349) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37018: Add 400 response definition to all routes
This patch adds a test for well defined 400 responses on all verbs and
paths on the API spec.
The tests verify:
* Presence of 400 response definition
* The description must start with 'Bad request' (needs coding guideline)
* If DBIC queries are allowed on the route, then `invalid_query` needs
to be mentioned in the description.
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Wed, 10 Jul 2024 08:39:33 +0000 (09:39 +0100)]
Bug 37018: Clarify operators
This patch clarifies the list of operators both in the validate routine
and in the swagger descrption block where we document this feature for
the end user.
JD amended patch: tidy
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37018: Handle exception in unhandled_exception() helper
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37018: (follow-up) adding some allowed operators
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Wed, 5 Jun 2024 13:20:22 +0000 (14:20 +0100)]
Bug 37018: Use validation in search_rs helper
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Wed, 5 Jun 2024 13:19:54 +0000 (14:19 +0100)]
Bug 37018: Add validation method to Koha::REST::Plugin::Query.pm
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Wed, 5 Jun 2024 13:19:06 +0000 (14:19 +0100)]
Bug 37018: Unit tests
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This patch adds regression tests. With the current codebase, the
malicious query returns a 200. It should be caught and a 400 needs to be
returned.
To test:
1. Apply this patch
2. Run:
$ ktd --shell
k$ prove t/db_dependent/api/v1/query.t
=> FAIL: It returns a 200
3. Once the rest of the patches are ready, repeat 2
=> SUCCESS: It returns a 400
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Fri, 5 Jul 2024 12:47:42 +0000 (14:47 +0200)]
Bug 37247: Fix display of "closed"
The subscription was not shown as closed after we closed it.
This is because "closed" is not passed to the template.
It seems more reliable to rely on the subscription object (that is passed to both
serials/serials-collection.tt and serials/subscription-detail.tt, the
others are not showing the Reopen/Close buttons)
Also fetch the subscription object after and reopen/close it to display
accurate values.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37247: Fix subscriptions operation allowed without authentication
Move close and reopen after get_template_and_user().
Also move Koha::Subscriptions->find(), not a good idea to run DB queries
before authentication.
Test plan :
1) Apply patch
2) Authenticate to staff interface
3) Go to an existing open subscription
4) Open a new browser tab and use it to log-out
5) Go to first tab and click on 'Close'
6) You get login page
7) Authenticate
8) Check subscription is not closed
9) Check you can close and reopen subscription
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Fri, 21 Jun 2024 01:45:51 +0000 (01:45 +0000)]
Bug 37146: Prevent path traversal by validating input
This patch validates the plugin_name passed to plugin_launcher.pl
against the base path containing the "value_builder" directory.
Test plan:
0. Apply the patch
1. koha-plack --reload kohadev
2. Go to http://localhost:8081/cgi-bin/koha/cataloguing/addbiblio.pl?biblionumber=29
3. Check that the tag editor for leader still works
4. Go to http://localhost:8081/cgi-bin/koha/cataloguing/additem.pl?biblionumber=29
5. Check that the pluginf or "Date acquired" still works
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jonathan Druart [Wed, 15 May 2024 12:47:30 +0000 (14:47 +0200)]
Bug 36863: Deal with non-listed methods in CSRF plack middleware
Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Wed, 12 Jun 2024 17:49:25 +0000 (17:49 +0000)]
Bug 37074: Comment approval and un-approval should be CSRF-protected
This patch converts the "Approve" and "Unapprove" controls in the staff
client's comment moderation page so that the operations are POST instead
of GET.
To test, apply the patch and restart services.
- If necessary, enable OPACComments and submit a few comments on a few
titles in the OPAC
- Go to Tools -> Comments
- Test the process of approving, unapproving, and deleting comments
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Kyle M Hall [Thu, 18 Jul 2024 12:54:30 +0000 (12:54 +0000)]
Bug 37385: Fix Transfer not triggering automatically when cancelling a hold by checking in an item
Upadates for CSRF are inadvertently stopping AddReturn from being trigger
when a hold is canceled. This is necessary to generate the transfer
back to the originating library.
Test Plan:
1) Find item with a waiting hold, and check it in
2) In the popup notifying me of the waiting hold, select 'Cancel hold'
3) Note no second popup appears notifying you of the need to transfer the item to its home library
4) Apply this patch
5) Restart all the things!
6) Repeat steps 1-2
7) Second popup appears!
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Emily Lamancusa <emily.lamancusa@montgomerycountymd.gov> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 554efbe35483dbc3dd7615f7feeaa6edf14619e6) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Chris Cormack [Sat, 29 Jun 2024 22:52:42 +0000 (22:52 +0000)]
Bug 37183: Batch edit serial subscriptions sets expiration date to today
Test plan:
Add some serials:
1) Add a new serial, visit:
/cgi-bin/koha/serials/subscription-add.pl
2) Put a biblionumber in the 'record' field, e.g. '112'.
Press 'next' and click 'ok' on the alert box.
3) Fill all the required fields and click 'test prediction'.
4) Fill the Subscription end date (= Expiration Date).
5) Click 'save subscription'.
6) Repeat steps 1-5 to create a second serial.
Batch edit serials:
1) Visit serials and hit the 'Search' button:
/cgi-bin/koha/serials/serials-home.pl
2) Click the 2 checkboxes for the 2 serials we created
previously and click the new link that pops up
'Edit selected serials'.
3) Click 'Save' without changing anything.
4) Go back to either of the serials, notice the value
for Expiration date is changed to TODAY
(the date of the batch edit).
Apply the patch and retest the batch editing (before
retesting, change the expiration dates of the two
serials back to the original expiration date).
Note that the expiration date now only changes if you
enter a date in the 'Expiration date' field.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5a07a04fdb23aa13f85df64b1f2a4739397f5f28) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
This patch fixes the orders search in Acquisitions.
The form method is GET no need to prepend with cud-
Test plan:
1. Create an order that you can search for
2. Try order search, nothing happens
3. Apply patch restart all, refresh browser
4. Try order seach again and get results
Signed-off-by: Roman Dolny <roman.dolny@jezuici.pl> Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit f80cc53470ebba24b92c05e71ac74a7c3058234c) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Thu, 23 May 2024 00:47:08 +0000 (00:47 +0000)]
Bug 36741: Skip auto_too_soon issues in auto renew digest
This change adds a line to skip auto_too_soon issues/checkouts
in the auto renew digest template.
Since auto_too_soon do not trigger notifications and don't require
any special action, let's skip them in the breakdown of checkouts in
the AUTO_RENEWALS_DGST email.
Test plan:
0. Apply the patch
1. reset_all (in koha-testing-docker)
2. Note the following line in the AUTO_RENEWALS_DGST template:
[% NEXT IF (checkout.auto_renew_error == 'auto_too_soon') %]
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 05432982cf8a407872fd643206a14550c0d0a53a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Thu, 27 Jun 2024 15:55:55 +0000 (16:55 +0100)]
Bug 28664: (follow-up) Throw exception if debt if VOID
This patch adds an exception when an attempt is made to refund against a
VOID debit.
Test plan
1) Run the included unit test
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit b18664ec45ffbe761c50b6daca487c3222f8a5e0) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Mon, 5 Jul 2021 18:34:58 +0000 (19:34 +0100)]
Bug 28664: Prevent refunds against void lines
With the introduction of double entry accounting for VOID actions, we
need to add an additional filter to the 'Issue refund' button appearance
Test plan
1/ Add a debt
2/ Pay the debt
3/ Void the payment
4/ Confirm that with the patch applied the 'Issue refund' button doesn
not appear on the 'Void' accountline.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit a47474e3d771dff8cb3daa3c4641718796d11381) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Sam Lau [Thu, 6 Jun 2024 14:29:54 +0000 (14:29 +0000)]
Bug 37044: Added library branch to SCO OPAC message
This patch simply adds the correct branch at the end of an OPAC message on the SCO page.
To Test:
1) From the staff interface, click on a patron and add an OPAC message
to their account.
2) Log into the SCO with this patron.
(http://localhost:8080/cgi-bin/koha/sco/sco-main.pl)
3) Notice how in the "Messages for you" at the top, you will see the
message, however, at the timestamp, it says something like "Written
on 06/06/2024 by " w/o listing the library that sent it.
4) Apply patch
5) Log back into SCO module
6) Note that now in the message timestamp, it correctly lists the
library that sent the message.
7) Sign-off
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4801037abe0f8d294eb03503c2b5a275ed06f62a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Fri, 31 May 2024 13:14:17 +0000 (13:14 +0000)]
Bug 37002: Correct several HTML markup errors
This patch makes several minor corrections to HTML markup in the
bibliographic detail page template and related include files. This
corrects the following validator errors:
- Stray end tag a.
- Bad value true for attribute disabled on element select.
- Bad value true for attribute disabled on element input.
- No space between attributes.
- Duplicate attribute class.
- The value of the for attribute of the label element must be the ID of
a non-hidden form control.
The patch is simple enough that an inspection of the patch is probably
enough, but following is a detailed test plan of the affected areas:
- Apply the patch and view the bibliographic detail page in the
staff interface.
- Under the "Edit" menu in the toolbar, these options should still work
correctly:
- Modify record using template
- Edit items in a batch
- Delete items in a batch
- Click the "Items" link in the sidebar and find the "Bookable" setting
for the title's items. Make at least one item bookable and return to
the detail page.
- Click the "Place booking" button in the toolbar and confirm that you
can successfully place the booking.
- If you have access to Novelist, confirm that Novelist content displays
correctly on the detail page.
- Turn on the "EnableItemGroups" preference.
- On the detail page, open the "Item groups" tab and click the "New item
group" button.
- In the modal, the "Name" and "Display order" labels give focus to
the corresponding form field when clicked.
- Create an item group.
- Under the holdings tab, select one or more items and click "Add/move
to item group".
- In the modal, clicking the "Item group" label should give focus to
the dropdown.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 928681a24cbcca64d02822c13776c2f92df2a963) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Matt Blenkinsop [Fri, 17 May 2024 13:48:28 +0000 (13:48 +0000)]
Bug 36895: Fix background job link
This patch fixes the missing job id in the links from the import KBART file page
Test plan:
1) Import a KBART file to get the message at the top of the screen.
2) The message should include a link on the text "see progress"
3) Click the link, it should just take you to the background jobs page
4) Apply patch
5) yarn build
6) Hard refresh the browser
7) Repeat steps 1-3
8) It should correctly take you to the background job
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit dc154e3dd2a4184d23d0cc8a966560bd43cb6038) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Tue, 21 May 2024 14:47:21 +0000 (14:47 +0000)]
Bug 36909: Eliminate duplicate ID in cookie consent markup
This patch changes markup and CSS in the OPAC and staff client to
eliminate HTML validator warnings about duplicate ids.
To test, apply the patch and rebuild all CSS (Bug 36909: Eliminate
duplicate ID in cookie consent markup).
- If necessary, set the "CookieConsent" system preference to "Require."
- Open the OPAC in a new private window (to prevent previous consents
from hiding the consent messages).
- You should see a cookie consent bar across the bottom of the page. It
should look correct, and its contents should reflow well at various
browser widths.
- Click "Accept all cookies."
- In the header you should now see a "Your cookies" link.
- Click it and confirm that the contents of the modal look correct and
reflow well at various browser widths.
- Perform the same tests in the staff interface.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 984960351ec23994d87642ec1b077e7577ca5659) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 149412cb62a074ccdef1e1c2bbbd2bee35c48498) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Fridolin Somers [Wed, 21 Feb 2024 09:09:30 +0000 (10:09 +0100)]
Bug 36141: Add classes to CAS text on OPAC login page
This enhancement makes it easier for libraries to change the CAS-related messages on the OPAC login page.
It moved the invalid CAS login message above the CAS loging heading,
like for Shibboleth login.
Test plan :
1) Enable system preference 'casAuthentication'
2) Restart all caches (restart_all in koha-testing-docker)
3) Go to OPAC, logged out
4) Click on 'Log in to your account'
5) In the staff interface, edit the OPACUserJS system preference. Add the following JS and Save:
$(".cas_invalid").text("Test changing the invalid CAS login message.");
$(".cas_title").text("Test changing the CAS login heading.");
$(".cas_url").text("Test changing the CAS account link text.");
$(".cas_url").after(' <i class="fa fa-globe" aria-hidden="true"></i>');
6) Refresh the OPAC and confirm the text changes to reflect your JS.
Signed-off-by: Matt Blenkinsop <matt.blenkinsop@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0e1289d0149d788d7925c2e01f193da7ef3b469a) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Tue, 21 May 2024 17:12:21 +0000 (17:12 +0000)]
Bug 36911: (follow-up) Add markup comments
This patch adds comments to the template to highlight the markup
structure.
This patch should have no effect on the page's appearance or
functionality.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 8d898f1746bfb049950bd3928da1cce9c5c3c14d) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Owen Leonard [Tue, 21 May 2024 16:36:54 +0000 (16:36 +0000)]
Bug 36911: Reindent circ-menu.inc
This patch reindents the circ-menu include file so that it has
consistent indentation. These changes should have no visible effect on
the page.
To test, apply the patch and enable the 'CircSidebar' system
preference if necessary.
- View any circulation page, including the checkout page, to confirm
that the left-hand sidebar menu is unchanged.
- Test with the 'patronimages' system preference both on and off.
Viewing the diff while ignoring whitespace changes should show only
places where a line break was added.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 002fbdcc62c83a13ececb1e5e3c53b742f947b8b) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Kyle M Hall [Fri, 17 May 2024 10:29:39 +0000 (10:29 +0000)]
Bug 36498: Tidy cataloguing/additem.pl
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 0877dfd16d0891d0b36a906ced6f8f8e83e2d738) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Tue, 2 Apr 2024 22:27:45 +0000 (22:27 +0000)]
Bug 36498: Add ability to set item group display order from additem.tt
To test:
1. Apply patch, restart_all
2. System preferences -> EnableItemGroups, set to 'Enable'.
3. Find a record and create at least 1 item group.
4. Go to Add item
5. Scroll to the bottom and look for 'Options' underneath 'Add to item group'
6. In the dropdown select 'Create new item group'
7. There should be fields for 'Name' and 'Display order'.
8. Make sure you can add a new item group with and without a display order set. If no display order is set it should default to 0.
9. Try to add a non numerical display order, you should not be able to.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 49c55a03e70d4f4c7362cf45a5103f58c694af01) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Martin Renvoize [Thu, 27 Jun 2024 09:01:45 +0000 (10:01 +0100)]
Bug 36128: (QA follow-up) Add regression test
This patch adds a simple regression test to ensure we don't re-introduce
the errant warning.
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 18c97c1456b527521624fc9be6f8c3bacaba28f1) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Denys Konovalov [Sun, 23 Jun 2024 12:13:35 +0000 (14:13 +0200)]
Bug 36128: Use of uninitialized value in string eq at /usr/share/koha/lib/C4/Overdues.pm
Fixes the following error message when running the overdues check cronjob on a
Koha system without defined overdue rules:
/etc/cron.daily/koha-common:
Use of uninitialized value in string eq at /usr/share/koha/lib/C4/Overdues.pm
line 686.
by checking if the variable is defined before comparing it.
Test plan:
1. Go to Tools - Overdue notice/status triggers and verify that for every single
patron type for both Default and every individual library, you have no value
set for Delay, so that you will never send anyone an overdue notice
2. Run the cron job which creates and sends overdue notices
3. Confirm the above mentioned error no longer appears
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4c8586270af07d4281215d060cef004e33999972) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Eric Garcia [Tue, 25 Jun 2024 17:18:13 +0000 (17:18 +0000)]
Bug 35240: Add missing IDs to input
1. Tools -> Rotating collections -> Edit collection
2. Use browser dev tools to notice that the inputs don't have matching
IDs
3. Apply patch
4. Do step 2 again and notice IDs are no longer missing.
5. Sign off :)
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 21a66bf17c867734271e57c9f06b0b3e619d9ff0) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Pedro Amorim [Fri, 24 May 2024 16:10:44 +0000 (16:10 +0000)]
Bug 30372: Fix value->attribute
Test plan:
- Activate patron self registration without email verification
- Create several patron attributes as visible and editable in the OPAC, make one mandatory
- Register as a new patron from the OPAC
- Fill in all required fields but the extended attribute
- Fill in at least one of the non-required extended attributes
- Submit
- Verify that the contents of the other extended attribute fields are still present.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4616ddc8ab4b7b570f9444f999c2b50a463df6d4) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Thu, 30 May 2024 04:16:56 +0000 (04:16 +0000)]
Bug 36966: Actually fix data-link for local cover images
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 5b5a50f0cdfed4c960f844dc3dd7db149af2b5d7) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Wed, 29 May 2024 07:26:18 +0000 (07:26 +0000)]
Bug 36966: Fix data-link for local cover images
This patch fixes the data-link so that the "edit" link at the
bottom of the lightbox viewer correctly takes the user to
the editor interface for the local cover image
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit e0e179f806452f6713f588572a051e01d3de52b5) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
David Cook [Mon, 27 May 2024 03:33:06 +0000 (03:33 +0000)]
Bug 36966: Fix local cover image links for items
This change fixes the local cover image links for items by removing
unnecessary parameters, an invalid link, and an uninitialised
Template::Toolkit variable.
Test plan:
0. Apply patch
1. Enable syspref 'LocalCoverImages'
3. Go to http://localhost:8081/cgi-bin/koha/catalogue/detail.pl?biblionumber=29
4. Click on the dropdown next to "Edit" at the item level
5. Upload an image for the item
6. Note that the local cover image appears in the holdings table
7. Click on the image and note that it loads in the light box
8. Success!
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 4183b073e6c5366d5cd576c1a0efabf0489f9de5) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Jan Kissig [Thu, 16 May 2024 08:11:53 +0000 (10:11 +0200)]
Bug 36880: Record overlay rules are not validated
This patch fixes validation of rules, confirmation on deletion of rules and removes some unused source code.
1) Validation of record overlay rules on edit and add action
2) Validation when editing an existing rule
3) Adds confirm when deleting multiple rules
Test plan:
1)
a) open http://localhost:8081/cgi-bin/koha/admin/marc-overlay-rules.pl
b) just click + Add rule
c) a new rule with an empty tag is saved
2)
a) edit an existing rule
b) empty input value for tag
c) click Save and check that the rule has now an empty value for tag
3)
a) delete a rule by checking the checkbox and clicking Delete selected
b) delete a rule by clicking the Delete button under Actions
c) notice that b) asks for confirmation
apply patch
1) redo steps and check that form does not get submitted and the input is marked as required
2) redo steps and check that clicking on Save will not submit the form and mark input as required
3) redo steps and check that a standard confirm popup appears
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 909a72c58f07fbb7f8eb8d858641779239903bdc) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Hammat Wele [Fri, 21 Jun 2024 17:07:47 +0000 (17:07 +0000)]
Bug 37157: Fix Malformed UTF-8 character in JSON string before decode_json
When we add a new identity provider and put some special characters in the Config or Mapping field, we got 500 error when we list the identity providers
To test:
1. Apply this patch.
2. Add a new identity provider
2.1. fill the form
2.2. click on «Add default Oauth configuration» and on «Add default Oauth mapping»
2.3. put some special characters in Configuration and Mapping field
3. Save the form
=> Confirm the identity providers list is shown correctly
Also prove t/db_dependent/api/v1/provider.t.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 55b892dca46b1acdda0e962695699e4bf82d5de6) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Andreas Jonsson [Thu, 13 Jun 2024 15:00:31 +0000 (17:00 +0200)]
Bug 37016: Invalid due date in SIP renew response
Test plan using koha-testing-docker:
1) Make sure SIP is running. You may need to edit
/etc/koha/sites/SIPconfig.xml and remove the 8023 connector and
restart the SIP-server (koha-sip --restart kohadev)
2) Find a patron, say 23529000197047
3) Set a password by selecting "change password", set it to
"Password1234"
4) Find a book, say 39999000000856
5) Issue book to patron with sip-client:
sudo koha-shell -c "/usr/share/koha/bin/sip_cli_emulator.pl \
--address localhost --port 6001 -t cr \
--su term1 --sp term1 --message checkout \
--location CPL --item 39999000000856 \
--patron 23529000197047 --password Password1234"\
kohadev
6) Note the AH-header in the response which for example:
'AH20240619 235900'
7) Make a renewal with:
sudo koha-shell -c "/usr/share/koha/bin/sip_cli_emulator.pl \
--address localhost --port 6001 -t cr \
--su term1 --sp term1 --message renew \
--location CPL --item 39999000000856 \
--patron 23529000197047 --password Password1234"\
kohadev
8) Make sure the AH-header in the response is different from the
response to the checkout, for example: 'AH20240624 235900'
Signed-off-by: Tadeusz „tadzik” Sośnierz <tadeusz@sosnierz.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3295fd52279728c222ef6504766ab9d573561e0f) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Nick Clemens [Wed, 26 Jun 2024 14:44:34 +0000 (14:44 +0000)]
Bug 37016: Unit tests
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 6aa2198965b1f98eda1d877c39af860c86b208a8) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37332: Fix unseen and customer renewal date parameters in svc
To test:
0. Enable unseen renewals
i. Set the system preference UnseenRenewals to Allowed
ii. Edit the circulation rules to specify the maximum number of
unseen renewals allowed
1. Check out an item to a patron
2. In the checkouts table on that patron's account, check the "Renew"
checkbox for that item
3. Select a custom renewal date using the Renewal due date flatpicker
4. Check the checkbox labeled "Renew as unseen if appropriate"
4. Click Renew selected items
--> The item renews, but its new due date follows the renewal period
specified in the circulation rules, regardless of what date was
entered in the Renewal due date field
--> The checkout still has all of its unseen renewals remaining,
indicating that the renewal was not processed as an unseen renewal
5. Enter another custom renewal date and renew checkout with the Renew
all button
--> Same result
6. Apply patch and restart_all
7. Repeat test plan
--> Custom renewal date is now respected
--> Number of unseen renewals remaining decreases when "Renew as unseen"
checkbox is checked
8. Renew the item with the "Renew as unseen" checkbox unchecked
--> Confirm that number of unseen renewals is reset (i.e. the checkout
once again has all of its unseen renewals remaining), indicating
that the renewal was processed as a "seen" renewal
Signed-off-by: CJ Lynce <cj.lynce@westlakelibrary.org> Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit baa68147535f67c2f14aa9a0a73c41a4a1b51252) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lucas Gass [Mon, 15 Jul 2024 16:20:15 +0000 (16:20 +0000)]
Bug 37345: Only toggle_onsite_checkout() if OnSiteCheckoutAutoCheck is enabled
To test:
1. Find an item to checkout and a patron to check out to.
2. Set a due manually: "Specify due date (MM/DD/YYYY):"
3. Before checking out click the "Remember for session:" checkbox.
4. Check the item out.
5. The specific due date is not retained.
6. APPLY PATCH
7. Try 1 -4 again, now the date should be sticking.
8. Turn on the OnSiteCheckouts system pref and make sure it still works
9. Turn on the OnSiteCheckoutAutoCheck system pref and make sure the on-site checkbox is still checked after doing an on-site checkout.
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3276e0fa0c9931bab75c50b59c66c44f89c459b3) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 36527: Patron category or item type not changing when editing another circulation rule
Plan test :
1. Go to Administration > Circulation and fine rules
2. Add a couple of rules with various patron category/item type
combinations
3. Click on "Edit" next to one of the rules
--> The line should become highlighted in yellow and the values
should be copied in the very last row
4. Click on "Edit" next to another rule
5. Click OK in the browser dialog box to confirm you want to edit
another rule
--> Depending on the rules, the values for the patron category
and/or item type might not change in the editing row
6. Repeat steps 4 and 5
--> The patron category and item type do not always change
7. Apply the batch
8. Redo step from 3 to 6
9. Observe that category and item type change accordingly
Signed-off-by: Owen Leonard <oleonard@myacpl.org> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 7e8502e087abb1adee1900380b1a67885aeb7fa0) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Lari Strand [Wed, 29 May 2024 10:53:22 +0000 (13:53 +0300)]
Bug 36982: Collections facet does not get alphabetized based on collection descriptions
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Lucas Gass <lucas@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 83762f6feec027cf6acff2022c9eb528ac1507d8) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Bug 37182: Make Koha::Statistic->new preserve 'datetime' if passed
This patch does what the title says. This behavior is tested on the
previous patch. Tests are also added for the background job (which
relies on Koha::Statistic->new and was the evidence of this
overwrite behavior).
Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 65375bc34dd7e082331cbccc0299c6a99fea28ce) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 386cedeb73a8d5d2b154e70378547893c7a837a4) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Sat, 22 Jun 2024 00:43:22 +0000 (17:43 -0700)]
Bug 37163: Fix the redirect after deleting a tag from an authority framework to load the right page
When you delete a tag from an authority framework, we intend to redirect you
right back to where you were, on the same page of tags, but because we pick
the wrong variable to set searchfield in the URL, we send you to the first
page instead.
Test plan:
1. Without the patch, Administration - Authority types - in the row for
CHRON_TERM Actions menu, MARC Structure
2. In the Search for tag: input, type 092 and hit Enter
3. In the row for 092, Actions menu, Delete, in the page that loads click
Yes, delete
4. In the page you are redirected to, note that you are at Tag 000, and the
URL is ?searchfield=&authtypecode=CHRON_TERM
5. Apply patch, restart_all
6. Type 092 and hit Enter, Actions menu for the 093 row, Delete, Yes, delete
7. Note that now you have gone to the page where 093 used to be, because
the URL is ?searchfield=092&authtypecode=CHRON_TERM and you can just
keep deleting 09x tags one after another
Signed-off-by: Sam Lau <samalau@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit d3401535b5c2e66537abe6e0f997e34c91d8e273) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Sat, 22 Jun 2024 22:57:01 +0000 (15:57 -0700)]
Bug 37162: Remove the [% IF ( delete_confirmed ) %] stuff in auth_tag_structure.tt
Since auth_tag_structure.pl redirects after deleting when the op is
delete_confirmed (which is actually cud-delete_confirmed) rather than loading
the template, there's no reason to have dead code for IF ( delete_confirmed )
which is both never set, and is never called when anything like it is set.
Test plan:
1. With the patch applied, Administration - Authority types - Chronological
Term row - Actions menu - MARC Structure
2. You've already verified that auth_tag_structure.tt isn't malformed, but for
extra fun choose a tag, Actions menu - Delete - Yes, delete and verify that
it was deleted
Signed-off-by: Sam Lau <samalau@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit f9e602ce984fe92378604d596ce579226f6f5dc1) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Sat, 22 Jun 2024 22:35:31 +0000 (15:35 -0700)]
Bug 37161: After deleting a tag in a MARC framework, redirect back to the tag list rather than showing a 'Tag deleted' page first
Currently after you delete a tag from a MARC framework, Koha intends to show
you a page with the text "Tag deleted" and an OK button to click to go back to
where you were in the list of tags. But because that depends on the template
variable being set for the name of the op in the script, and the name of the
op is "cud-delete_confirmed" which isn't a legal TT variable name, nothing is
set to tell the template what to display, so it displays a mostly-blank page.
Far better to show, don't tell, and just redirect to the list of tags like
deleting a tag from an authority framework does.
Test plan:
1. Without the patch, Administration - MARC bibliographic frameworks -
Binders row - Actions menu - MARC structure
2. Type 092 and press Enter in the Search for tag: input
3. 092 row - Actions menu - Delete - Yes, delete this tag
4. Stare blankly at the blank page with only a header
5. Apply patch, restart_all
6. Administration - MARC bibliographic frameworks - Kits row - Actions menu -
MARC structure
7. Type 092 and press Enter in the Search for tag: input
8. 092 row - Actions menu - Delete - Yes, delete this tag
9. Enjoy the sight of the Kits framework showing a search for 092 that
doesn't show one, because you just deleted it, and now you can delete
the 096 tag next
Signed-off-by: Sam Lau <samalau@gmail.com> Signed-off-by: Eric Garcia <cubingguy714@gmail.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 825c6c5edf953161acf124a4fcecd6d32f719431) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Phil Ringnalda [Fri, 17 May 2024 00:01:54 +0000 (17:01 -0700)]
Bug 36891: Restore returning 404 from svc/bib when the bib number doesn't exist
Changing from GetMarcBiblio to Biblios->find plus metadata->record lost the
way that svc/bib used to return 404 when the bib number wasn't found. This
patch restores that by checking for undef after the Biblios->find step.
Test plan:
1. Load e.g. http://127.0.0.1:8081/cgi-bin/koha/svc/bib/289 which returns an
XML bib record
2. Load http://127.0.0.1:8081/cgi-bin/koha/svc/bib/99999999 and get a 500 error
2. Appply patch, restart_all
4. Reload http://127.0.0.1:8081/cgi-bin/koha/svc/bib/289 and get the bib again
5. Reload http://127.0.0.1:8081/cgi-bin/koha/svc/bib/99999999 and get a 404
Signed-off-by: David Nind <david@davidnind.com> Signed-off-by: Nick Clemens <nick@bywatersolutions.com> Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 3d1b38b0ade54dae8d565e2195e2e97f4826a0b6) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
Katrin Fischer [Thu, 27 Jun 2024 07:03:20 +0000 (07:03 +0000)]
Bug 25387: (follow-up) Slightly change wording of alert
Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>
(cherry picked from commit 1004d47d0093bd5a7547fb7d943837df895ae3eb) Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
projects / koha.git / log