1811cx1/.git
2 years agoCALYX 18.11.11 release 18.11.11.cx1-sq2 18.11.11.cx2 ka4/18.11.11.cx2
Mason James [Fri, 14 Dec 2018 05:12:42 +0000 (18:12 +1300)]
CALYX 18.11.11 release

2 years agoupdate debian/control for stretch, via pbuilder
Mason James [Fri, 14 Dec 2018 05:03:29 +0000 (18:03 +1300)]
update debian/control for stretch, via pbuilder

modified:   debian/control

2 years agoadd hidden
Mason James [Wed, 11 Dec 2019 09:45:15 +0000 (22:45 +1300)]
add hidden

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   koha-tmpl/opac-tmpl/bootstrap/less/opac.less

2 years agoyarn --verbose build
Mason James [Mon, 9 Dec 2019 01:32:23 +0000 (14:32 +1300)]
yarn --verbose   build
modified:   koha-tmpl/intranet-tmpl/prog/css/staff-global.css

2 years agoyarn --verbose build --view opac
Mason James [Mon, 9 Dec 2019 01:31:57 +0000 (14:31 +1300)]
yarn --verbose   build --view opac

2 years agorollback bz21987
Mason James [Mon, 9 Dec 2019 01:24:20 +0000 (14:24 +1300)]
rollback bz21987

2 years agoBug 13193: Make Memcached usage fork safe
Joonas Kylmälä [Mon, 16 Sep 2019 10:26:01 +0000 (10:26 +0000)]
Bug 13193: Make Memcached usage fork safe

When a high enough number of forks try to access for example system
preferences with Koha::Cache using memcached as backend the results of
different cache requests get mixed up.

The problem is fixed by using Cache::Memcached::Fast::Safe that is a
fork safe version of Cache::Memcached::Fast.

Sponsored-by: The National Library of Finland
Signed-off-by: Mason James <mtj@kohaaloha.com>
2 years agohide no-image
Mason James [Fri, 30 Aug 2019 02:17:46 +0000 (14:17 +1200)]
hide no-image
modified:   koha-tmpl/opac-tmpl/bootstrap/css/src/opac.scss

2 years agofix opac/opac-suggestions.pl
Mason James [Mon, 26 Aug 2019 02:44:19 +0000 (14:44 +1200)]
fix  opac/opac-suggestions.pl

2 years agohide dateaccessioned
Mason James [Mon, 26 Aug 2019 02:12:22 +0000 (14:12 +1200)]
hide  dateaccessioned

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt

2 years agoadd id/class to template
Mason James [Mon, 26 Aug 2019 01:58:43 +0000 (13:58 +1200)]
add id/class to template

Signed-off-by: Mason James <mtj@kohaaloha.com>
2 years agorevert e9e359b rt815, add classes to table
Mason James [Mon, 26 Aug 2019 01:46:46 +0000 (13:46 +1200)]
revert  e9e359b rt815, add classes to table

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt

2 years agofix table
Mason James [Sun, 25 Aug 2019 23:28:56 +0000 (11:28 +1200)]
fix table

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt

2 years agoadd issn
Mason James [Thu, 15 Aug 2019 01:53:18 +0000 (13:53 +1200)]
add issn

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc

2 years agoadd OD fix
Mason James [Thu, 15 Aug 2019 01:27:48 +0000 (13:27 +1200)]
add OD fix

2 years agorm caro
Mason James [Thu, 15 Aug 2019 01:25:34 +0000 (13:25 +1200)]
rm caro
modified:   opac/pages.pl

2 years agomisc updates
Mason James [Thu, 15 Aug 2019 01:02:13 +0000 (13:02 +1200)]
misc updates

2 years agocompile css from sass
Mason James [Tue, 13 Aug 2019 01:34:16 +0000 (13:34 +1200)]
compile css from sass

Conflicts:
koha-tmpl/intranet-tmpl/prog/css/staff-global.css

2 years agoCALYX 18.11.08 release
Mason James [Mon, 12 Aug 2019 15:53:44 +0000 (03:53 +1200)]
CALYX 18.11.08 release

2 years agorevert ssl
Mason James [Wed, 15 May 2019 06:10:12 +0000 (18:10 +1200)]
revert ssl

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   opac/tracklinks.pl

Conflicts:
opac/tracklinks.pl

2 years agoadd cms
Mason James [Thu, 9 May 2019 05:37:21 +0000 (17:37 +1200)]
add cms

Signed-off-by: Mason James <mtj@kohaaloha.com>
new file:   pages.pl

2 years ago modified: C4/Output.pm
Mason James [Thu, 2 May 2019 18:26:47 +0000 (06:26 +1200)]
modified:   C4/Output.pm
modified:   opac/opac-shelves.pl
modified:   virtualshelves/shelves.pl

2 years agoadd fix to handle item's with an undefined itemtype
Mason James [Tue, 30 Apr 2019 07:57:06 +0000 (19:57 +1200)]
add fix to handle item's with an undefined itemtype

2 years agoadd 490 fix
Mason James [Thu, 4 Apr 2019 02:45:41 +0000 (15:45 +1300)]
add 490 fix

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   koha-tmpl/opac-tmpl/bootstrap/en/xslt/MARC21slim2OPACDetail.xsl

Conflicts:
koha-tmpl/intranet-tmpl/prog/en/xslt/MARC21slim2intranetDetail.xsl

2 years agoadd bibnum
Mason James [Thu, 13 Dec 2018 13:22:05 +0000 (02:22 +1300)]
add bibnum

modified:   serials/subscription-detail.pl

Conflicts:
serials/subscription-detail.pl

2 years agoadd forcee_ssl to opac/tracklinks.pl
Mason James [Fri, 1 Mar 2019 02:39:31 +0000 (15:39 +1300)]
add forcee_ssl to  opac/tracklinks.pl

Signed-off-by: Mason James <mtj@kohaaloha.com>
Conflicts:
opac/tracklinks.pl

2 years agoBug 19016: Trigger reindex on fixing biblios
Tomas Cohen Arazi [Wed, 11 Oct 2017 18:58:31 +0000 (15:58 -0300)]
Bug 19016: Trigger reindex on fixing biblios

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 years agoBug 19016: Check and fix 'biblioitems'
Tomas Cohen Arazi [Wed, 9 Aug 2017 13:03:09 +0000 (10:03 -0300)]
Bug 19016: Check and fix 'biblioitems'

This patch adds 'biblioitems' to the list of tables to be evaluated and fixed.

To test the problem exists:
- reset_all
- Run:
  $ sudo koha-mysql kohadev
  > SELECT biblionumber FROM biblio ORDER BY biblionumber DESC LIMIT 1;
- From the staff UI, delete the biblio with that biblionumber
- Restart mysql:
  $ sudo systemctl restart mysql.service
- Add a new biblio record
- Run:
  $ sudo koha-shell kohadev
 k> cd kohaclone
 k> misc/cronjobs/cleanup_database.pl --list-corrupted-data
=> FAIL: biblioitems issue is not higlighted
- Apply this patch
- Run:
  $ sudo koha-shell kohadev
 k> cd kohaclone
 k> misc/cronjobs/cleanup_database.pl --list-corrupted-data
=> SUCCESS: biblioitems issue is highlighted

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
2 years agoBug 19016 [Followup] - Fix bad column name
Kyle M Hall [Thu, 3 Aug 2017 10:40:33 +0000 (06:40 -0400)]
Bug 19016 [Followup] - Fix bad column name

2 years agoBug 19016: Update other values
Jonathan Druart [Tue, 1 Aug 2017 17:14:24 +0000 (14:14 -0300)]
Bug 19016: Update other values

Here we have a problem!
If we assign a new id to the different rows that cannot be moved
safetly, we need to modify the other tables that do not have a foreign
key (for historical or laziness reasons).

For instance:
John is borrowernumber=42 and create a suggestion
(suggestion.suggestedby=42)
Jane is borrowernumber=42 in the deletedborrowers table. She created a
suggestion (same suggestedby value).

John will get a new id and the suggestion.suggestedby will not be
replaced without this patch. But with this fix, the 2 suggestions will
be marked as suggested by him.

2 years agoBug 19016: Add a script to fix corrupted data
Jonathan Druart [Tue, 1 Aug 2017 17:14:13 +0000 (14:14 -0300)]
Bug 19016: Add a script to fix corrupted data

This patch add two new options to the cleanup_database.pl script:
* --list-corrupted-data to list the different rows that are affected
* --fix-corrupted-data to fix and reassign an id to the corrupted rows

TO NOT USE IT IN PRODUCTION YET!

Signed-off-by: Mason James <mtj@kohaaloha.com>
2 years agoBug 19860 - Make staff client home page responsivef
Mason James [Tue, 19 Feb 2019 04:20:40 +0000 (17:20 +1300)]
Bug 19860 - Make staff client home page responsivef

small patch to correct ordering of modules

2 years agofix subs_history
Mason James [Thu, 31 Jan 2019 00:02:48 +0000 (13:02 +1300)]
fix subs_history
Can't call method "missinglist" on an undefined value at  /1805cx1/C4/Serials.pm line 1601.

modified:   C4/Serials.pm

2 years agofix branch typo
Mason James [Tue, 18 Dec 2018 09:04:26 +0000 (09:04 +0000)]
fix branch typo
modified:   C4/Auth.pm

2 years agorollback quilt
Mason James [Tue, 18 Dec 2018 08:19:36 +0000 (21:19 +1300)]
rollback quilt

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   source/format

2 years agoadd plack exemptions
Mason James [Tue, 18 Dec 2018 07:25:01 +0000 (20:25 +1300)]
add plack exemptions

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   debian/templates/apache-shared-intranet-plack.conf

2 years agoand www user for mellon instances
Mason James [Tue, 18 Dec 2018 07:22:56 +0000 (20:22 +1300)]
and www user for mellon instances

Signed-off-by: Mason James <mtj@kohaaloha.com>
2 years agoversion fixup
Mason James [Fri, 14 Dec 2018 05:51:08 +0000 (18:51 +1300)]
version fixup
modified:   changelog
modified:   control

2 years agoadd clutscny class.def
Mason James [Fri, 30 Nov 2018 03:03:24 +0000 (16:03 +1300)]
add clutscny class.def

modified:   Label.pm

Conflicts:
C4/Labels/Label.pm

2 years agopass $subid for DML
Mason James [Wed, 21 Nov 2018 05:52:24 +0000 (18:52 +1300)]
pass $subid for DML

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   subscription-add.pl

2 years ago new file: link_bibs_to_authorities.pl
Mason James [Fri, 16 Nov 2018 07:06:39 +0000 (20:06 +1300)]
new file:   link_bibs_to_authorities.pl

2 years agoadd 490a for linking
Mason James [Fri, 16 Nov 2018 06:59:47 +0000 (19:59 +1300)]
add 490a  for linking

Signed-off-by: Mason James <mtj@kohaaloha.com>
2 years agofix the following error...
Mason James [Tue, 7 Aug 2018 01:52:29 +0000 (13:52 +1200)]
fix the following error...

 request.pl: Can't call method "notforloan" on an undefined value at /home/mason/g/k/1711cx1/C4/Reserves.pm line 1178

Conflicts:
C4/Reserves.pm

2 years agoRT-2829, fix mellon regression in opac/opac-suggestions.pl
Mason James [Sat, 4 Aug 2018 22:41:53 +0000 (10:41 +1200)]
RT-2829, fix mellon regression in opac/opac-suggestions.pl

2 years agodisable quilt
Mason James [Wed, 13 Jun 2018 18:14:25 +0000 (06:14 +1200)]
disable quilt

2 years agoset updateJobProgress to 5 secs
Mason James [Thu, 7 Jun 2018 13:14:41 +0000 (01:14 +1200)]
set updateJobProgress to 5 secs

Signed-off-by: Mason James <mtj@kohaaloha.com>
2 years agowarns..
Mason James [Thu, 7 Jun 2018 08:20:49 +0000 (20:20 +1200)]
warns..

Conflicts:
C4/Auth.pm

2 years agoBug 20055 - New suggestion from OPAC records borrowernumber instead of branchcode
Mason James [Wed, 31 Jan 2018 04:48:57 +0000 (17:48 +1300)]
Bug 20055 - New suggestion from OPAC records borrowernumber instead of branchcode

Signed-off-by: Mason James <mtj@kohaaloha.com>
2 years ago modified: C4/Search.pm
Mason James [Thu, 25 Jan 2018 05:54:36 +0000 (18:54 +1300)]
modified:   C4/Search.pm

2 years agoBug 19870: Loaned items show as available unless logged in
Mason James [Fri, 22 Dec 2017 02:33:01 +0000 (15:33 +1300)]
Bug 19870: Loaned items show as available unless logged in

here's a quick fix to the problem (on 17.05.00 and up)

1/ set OPACXSLTResultsDisplay = '';
2/ log out from opac

3/ search for a title in opac, see item is available in search results
4/ check out item
5/ search for a title in opac, see item is still available?1

6/ apply patch
7/ search for an title in opac, see item is now unavailable

we still need a .t/test file for resultsSearch(), but that might be a job for another day...

Conflicts:
C4/Search.pm

2 years agoRT #2623: OPAC Internal Server Error
Mason James [Thu, 21 Dec 2017 10:56:01 +0000 (23:56 +1300)]
RT #2623: OPAC Internal Server Error
my ( $borr ) = GetMember ( $borrowernumber ) if  $borrowernumber;

modified:   opac-suggestions.pl

2 years agomel opac
Mason James [Thu, 14 Sep 2017 01:46:06 +0000 (13:46 +1200)]
mel opac

2 years agoBug 13932: unset userenv when using trusted header
Robin Sheat [Wed, 29 Apr 2015 05:26:11 +0000 (17:26 +1200)]
Bug 13932: unset userenv when using trusted header

As the trusted header system doesn't keep a session hanging around, when
running with plack it can end up with the userenv of another user, which
is bad. So this clears it forcing it to be recreated cleanly.

2 years agoWR237697: add in user checking
Robin Sheat [Wed, 22 Apr 2015 03:08:47 +0000 (15:08 +1200)]
WR237697: add in user checking

This ensures that the user exists so that we don't end up in a weird
anonymous logged in user state if they pass auth, but don't have a koha
account.

Conflicts:
C4/Auth.pm

2 years agoWR237697: add support for a trusted HTTP header
Mason James [Thu, 7 Dec 2017 03:49:50 +0000 (16:49 +1300)]
WR237697: add support for a trusted HTTP header

This adds support for a 'trusted_header' option in koha-conf.xml that
specified an HTTP header that you trust that contains the userid. This
is to allow Koha to be behind a reverse proxy (for example, running
plack fronted by apache) that does user authentication/authorisation.

Note: for reasons I can't really tell, this doesn't work when apache is
running Koha as CGI, but does work under plack.

Test plan:
* have a koha-plack setup.
* configure apache to send it a header:
  RequestHeader set X_REMOTE_USER "testuserid"
* add <trusted_header>X_REMOTE_USER</trusted_header> to koha-conf.xml
* verify that the user behaves as though they're logged in.

Conflicts:
C4/Auth.pm

2 years agolessc --compress bootstrap/less/opac.less > bootstrap/css/opac.css
Mason James [Thu, 31 Aug 2017 08:50:13 +0000 (20:50 +1200)]
lessc --compress bootstrap/less/opac.less > bootstrap/css/opac.css

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/css/opac.css

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/css/opac.css

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/css/opac.css

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/css/opac.css

2 years agofix for suggestions.pl with mellon
Mason James [Wed, 9 Aug 2017 06:51:51 +0000 (18:51 +1200)]
fix for suggestions.pl with mellon

Signed-off-by: Mason James <mtj@kohaaloha.com>
Conflicts:
opac/opac-suggestions.pl

2 years agofix unneeded debarred() call
Mason James [Fri, 28 Jul 2017 05:14:15 +0000 (17:14 +1200)]
fix unneeded debarred() call

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   opac/opac-user.pl

2 years agoupdate to stable
Mason James [Fri, 12 May 2017 06:39:57 +0000 (18:39 +1200)]
update to stable

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   debian/build-git-snapshot

2 years agorm debug
Mason James [Fri, 12 May 2017 06:33:39 +0000 (18:33 +1200)]
rm debug
modified:   C4/Auth.pm

2 years ago..
Mason James [Fri, 12 May 2017 05:56:45 +0000 (17:56 +1200)]
..

Conflicts:
opac/opac-search.pl

2 years agoadd SetCCodeCookie
Mason James [Fri, 12 May 2017 05:43:55 +0000 (17:43 +1200)]
add SetCCodeCookie

Conflicts:
C4/Koha.pm

2 years agoccode fix
Mason James [Fri, 12 May 2017 05:37:36 +0000 (17:37 +1200)]
ccode fix

Conflicts:
C4/Auth.pm

2 years agort2309: PMHCCN : In OPAC "Publisher"or "Published by :" label is not visible
Mason James [Wed, 19 Apr 2017 01:13:25 +0000 (13:13 +1200)]
rt2309: PMHCCN : In OPAC "Publisher"or "Published by :" label is not visible

Signed-off-by: Mason James <mtj@kohaaloha.com>
Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/xslt/MARC21slimUtils.xsl

2 years agoRT2116, hide no-cover text
Mason James [Tue, 7 Mar 2017 03:04:54 +0000 (16:04 +1300)]
RT2116, hide no-cover text

Signed-off-by: Mason James <mtj@kohaaloha.com>
Conflicts:
koha-tmpl/opac-tmpl/bootstrap/less/opac.less

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/less/opac.less

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/less/opac.less

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/less/opac.less

2 years agoadd id/classes to basket.tt
Mason James [Tue, 6 Dec 2016 02:12:05 +0000 (15:12 +1300)]
add id/classes to basket.tt

Signed-off-by: Mason James <mtj@kohaaloha.com>
Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-basket.tt

2 years agoadd enumchron
Mason James [Sun, 27 Nov 2016 23:45:15 +0000 (12:45 +1300)]
add enumchron
modified:   XSLT.pm

Conflicts:
C4/XSLT.pm

Conflicts:
C4/XSLT.pm

2 years agoadd YTU xslt
Mason James [Sun, 27 Nov 2016 22:07:09 +0000 (11:07 +1300)]
add YTU xslt

Signed-off-by: Mason James <mtj@kohaaloha.com>
new file:   MARC21slim2OPACResults-ytu1.xsl

2 years agort1875, add regex to replace problematic DOS CRLF chars, before import
Mason James [Sun, 18 Sep 2016 12:43:12 +0000 (00:43 +1200)]
rt1875, add regex to replace problematic DOS CRLF chars, before import

Signed-off-by: Mason James <mtj@kohaaloha.com>
Conflicts:
admin/import_export_framework.pl

2 years ago1966: HBC : Default number of reports displayed
Mason James [Wed, 16 Nov 2016 01:49:20 +0000 (14:49 +1300)]
1966: HBC : Default number of reports displayed

modified:   koha-tmpl/intranet-tmpl/prog/js/datatables.js

2 years agogauth fix local auth
Mason James [Tue, 15 Nov 2016 16:58:39 +0000 (05:58 +1300)]
gauth fix local auth

2 years agoadd caro
Mason James [Thu, 3 Nov 2016 02:29:54 +0000 (15:29 +1300)]
add caro

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-main.tt

2 years agoadd CF libs
Mason James [Mon, 24 Feb 2020 06:09:07 +0000 (19:09 +1300)]
add CF libs

Signed-off-by: Mason James <mtj@kohaaloha.com>
2 years agoadd --tempdir arg to rebuild_zebra.pl
Mason James [Thu, 20 Feb 2014 03:09:17 +0000 (16:09 +1300)]
add --tempdir arg to rebuild_zebra.pl

Conflicts:
misc/migration_tools/rebuild_zebra.pl

2 years agoadd libdatetime-format-dateparse-perl
Mason James [Mon, 8 Jun 2015 01:44:35 +0000 (13:44 +1200)]
add libdatetime-format-dateparse-perl
modified:   control

2 years agoadd css tweaks to ipsp subject-cloud
Mason James [Wed, 4 Feb 2015 04:55:48 +0000 (17:55 +1300)]
add css tweaks to ipsp subject-cloud

2 years agort950 add id for BS cart mod
Mason James [Tue, 17 Jun 2014 19:13:27 +0000 (07:13 +1200)]
rt950 add id for BS cart mod

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc

2 years agort883 add IPSP ccode-opac
Mason James [Mon, 16 Jun 2014 04:34:33 +0000 (16:34 +1200)]
rt883 add IPSP ccode-opac

Conflicts:
opac/opac-search.pl

2 years agort815, add classes to table
Mason James [Sat, 14 Jun 2014 02:41:53 +0000 (14:41 +1200)]
rt815, add classes to table

Conflicts:
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt

Conflicts:
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt

Conflicts:
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt

Conflicts:
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt

Conflicts:
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt

2 years agobz 12120, patch for --tempdir /var/tmp
Mason James [Fri, 2 May 2014 07:29:20 +0000 (19:29 +1200)]
bz 12120,  patch for --tempdir /var/tmp
modified:   debian/scripts/koha-rebuild-zebra

2 years agoUpdate release notes for 18.11.11 release
Lucas Gass [Fri, 22 Nov 2019 17:47:50 +0000 (17:47 +0000)]
Update release notes for 18.11.11 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoTranslation updates for Koha 18.11.11
Koha translators [Fri, 22 Nov 2019 15:02:14 +0000 (12:02 -0300)]
Translation updates for Koha 18.11.11

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoIncrement version for 18.11.11 release
Lucas Gass [Fri, 22 Nov 2019 17:42:29 +0000 (17:42 +0000)]
Increment version for 18.11.11 release

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23042: Correct shib param escaping
Jonathan Druart [Wed, 19 Jun 2019 17:12:15 +0000 (12:12 -0500)]
Bug 23042: Correct shib param escaping

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23042: Only include GET params in return URL for Shibboleth
Martin Renvoize [Thu, 13 Jun 2019 16:02:33 +0000 (17:02 +0100)]
Bug 23042: Only include GET params in return URL for Shibboleth

The shibboleth return target included POST parameters in the URL string,
this meant that a failed local login POST would include the username and
password used in the attemtped login in plaintext in the redirect URL
that is appended to the shibboleth login URL.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23042: Add tests to catch POST params in return URL
Martin Renvoize [Wed, 19 Jun 2019 09:56:30 +0000 (10:56 +0100)]
Bug 23042: Add tests to catch POST params in return URL

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23836: exit after output_error
Jonathan Druart [Wed, 30 Oct 2019 12:15:38 +0000 (13:15 +0100)]
Bug 23836: exit after output_error

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23836: Don't forward form tracklinks if not tracking
Nick [Thu, 17 Oct 2019 15:26:18 +0000 (15:26 +0000)]
Bug 23836: Don't forward form tracklinks if not tracking

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23451: [18.11.x] Fix other similar wrong filterings
Jonathan Druart [Wed, 14 Aug 2019 17:39:43 +0000 (13:39 -0400)]
Bug 23451: [18.11.x] Fix other similar wrong filterings

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23451: [18.11.x] Prevent XSS vulnerabilities in opac-imageviewer.pl
Jonathan Druart [Wed, 14 Aug 2019 17:31:53 +0000 (13:31 -0400)]
Bug 23451: [18.11.x] Prevent XSS vulnerabilities in opac-imageviewer.pl

And certainly in other sripts as it is in opac-bottom.inc

Signed-off-by: Liz Rea <wizzyrea@gmail.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 22543: Prevent "back and refresh attack"
Magnus Enger [Fri, 6 Sep 2019 07:54:04 +0000 (09:54 +0200)]
Bug 22543: Prevent "back and refresh attack"

To reproduce and test:
- Log into the OPAC, you are taken to /cgi-bin/koha/opac-user.pl
- Log out, you are taken to /cgi-bin/koha/opac-main.pl?logout.x=1
- Click "Back", you are taken to /cgi-bin/koha/opac-user.pl
- Reload the page, you see an error like "Confirm new submission
  of form"
- Reload the page again and confirm the submission of the form
- You are now logged in to the OPAC again!
- Log out again
- Apply this patch
- Log in to the OPAC, you are taken to /cgi-bin/koha/opac-user.pl
- Log out, you are taken to /cgi-bin/koha/opac-main.pl?logout.x=1
- Click back, you are taken to /cgi-bin/koha/opac-user.pl
- No matter how many times you reload /cgi-bin/koha/opac-user.pl,
  you should not see anything other than the login form.
- Check that Self Check Out still works as it should, by making
  sure you have a user with self_check permissions, then setting
  WebBasedSelfCheck, AutoSelfCheckAllowed, AutoSelfCheckID and
  AutoSelfCheckPass appropriately. Then visit
  /cgi-bin/koha/sco/sco-main.pl and verify everything works as
  expected.

The messages and errors pages you see related to resubmitting the
form might differ from the ones described here, depending on what
browser you use. I tested in Chromium 76.0.x.

This fix was originally proposed by LMSCloud:
https://github.com/LMSCloud/Koha-LMSCloud/commit/74a7fe0f0c5b2ce0d65bd26452c6dcaf0a7f65ad

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23329: (QA follow-up) Resolve warning on wrong biblionumber
Marcel de Rooy [Fri, 9 Aug 2019 09:27:18 +0000 (09:27 +0000)]
Bug 23329: (QA follow-up) Resolve warning on wrong biblionumber

Passing a wrong biblionumber generates a warning:
    GetMarcUrls called on undefined record at opac/tracklinks.pl line 58.

Test plan:
[1] Try it again with a wrong biblionumber and check the logs.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23329: (follow-up) Allow item URI with a biblionumber parameter
Marcel de Rooy [Fri, 9 Aug 2019 09:18:13 +0000 (09:18 +0000)]
Bug 23329: (follow-up) Allow item URI with a biblionumber parameter

If you pass a URI with a biblionumber without specifying the itemnumber,
tracklinks did not redirect an item URI.

Test plan:
[1] Add URI in an item.
[2] Pass this URI with the itemnumber to tracklinks. Should pass.
[3] Pass this URI with the biblionumber to tracklinks. Should pass now too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23329: (follow-up) Use any instead of grep
Tomas Cohen Arazi [Tue, 23 Jul 2019 19:39:18 +0000 (16:39 -0300)]
Bug 23329: (follow-up) Use any instead of grep

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23329: Only redirect tracklinks.pl to urls contained in records
Nick Clemens [Wed, 17 Jul 2019 11:01:01 +0000 (11:01 +0000)]
Bug 23329: Only redirect tracklinks.pl to urls contained in records

Bug 19487 limited redirection to urls contained in a record/item if we were tracking.
We should probably limit forwarding if not tracking as well.
Additionally, if we don't have a soucre, let's not forward

To test:
 0 - Set TrackClicks syspref to 'Don't track'
 1 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com
 2 - You get forwarded to google
 3 - Set TrackClicks to 'Track anonymously'
 4 - You get a 404
 5 - Apply patch
 6 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com
 7 - You get a 404
 8 - Set TrackClicks syspref to 'Don't track'
 9 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com&biblionumber=1
     Choose a biblionumber that exists
10 - You get a 404
11 - Add http://www.google.com to the 856$u of the record used above
12 - Hit localhost:8080/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com&biblionumber=1
13 - You are redirected
14 - Confirm redirection and 404 as expected with other settings of TrackClicks

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23101: (follow-up) use NoSort class in datatable
Fridolin Somers [Tue, 8 Oct 2019 12:05:49 +0000 (14:05 +0200)]
Bug 23101: (follow-up) use NoSort class in datatable

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 95c43ebe7206ee68711f5bc7d7b24b6a81d7ec81)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 7ce1fdc84715303cd3f205b9e47e93eab6168e5a)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23101: Hide action buttons on contracts if user lacks permission
Katrin Fischer [Fri, 12 Jul 2019 12:40:22 +0000 (12:40 +0000)]
Bug 23101: Hide action buttons on contracts if user lacks permission

When the user doesn't have superlibrarian, full acq or
contracts_manage permission, don't show buttons for editing
and deleting contracts.

To test:
- Create a vendor with a few contracts
- Create a staff user with
  - superlibrarian = can view edit/delete contracts
  - full acq perms = same
  - without manage_contracts = can view, but action buttons are gone
- Make sure the sorting of the contracts table works in all cases

Signed-off-by: Holly Cooper <hc@interleaf.ie>
Signed-off-by: Bouzid Fergani <bouzid.fergani@inlibro.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit d0a06e365b693de6609998b3d649d9ef4d083880)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit d1da1a688d5a4fb1ea78d53b6308aa08ac09cdd0)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23688: System preference uppercasesurnames broken by typo
Kyle M Hall [Fri, 27 Sep 2019 11:23:28 +0000 (07:23 -0400)]
Bug 23688: System preference uppercasesurnames broken by typo

In the process of moving this feature from memberentry.pl to Patron.pm, the 's' on uppercasesurnames was dropped, breaking the feature.

Test Plan:
1) Test uppercasesurnames, note it does not work
2) Apply this patch
3) Test uppercasesurnames, note it works now!

Signed-off-by: Kyle Hall <kyle@bywatersolutions.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 62ad053894c57ae990a9724cf58beaa4441448c6)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 0c9c78341b5f0c855fcf2a697edc31eb6e1262fc)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23679: add Unit Test t/db_dependent/Circulation/transferbook.t
Fridolin Somers [Thu, 26 Sep 2019 07:08:40 +0000 (09:08 +0200)]
Bug 23679: add Unit Test t/db_dependent/Circulation/transferbook.t

I've choosen to add it to db_dependent because we may add other tests
to cover transferbook() cases that will change DB

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Bin Wen <bin.wen@inlibro.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit d096eeab8a7d23cf460b1ad5f10df746f3d62dda)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 19b44c8b44b1c0b92afb3f34b4b6fd41ab1faf5d)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>
2 years agoBug 23679: fix software error when trying to transfer an unknown barcode
Fridolin Somers [Thu, 26 Sep 2019 07:09:15 +0000 (09:09 +0200)]
Bug 23679: fix software error when trying to transfer an unknown barcode

When trying to transfer an unknown barcode in
/cgi-bin/koha/circ/branchtransfers.pl you get the error :

Can't call method "itemnumber" on an undefined value at
/home/koha/src/C4/Circulation.pm line 319.

This comes from C4::Circulation::transferbook which should stop when
finding unknown barcode.

Test plan :
1) Go to /cgi-bin/koha/circ/branchtransfers.pl
2) Enter a barcode not existing in database
3) Without patch you get a software error, with patch you get a message
   saying 'No Item with barcode'
4) Enter a barcode existing in database and check transfer is OK

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Bin Wen <bin.wen@inlibro.com>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
(cherry picked from commit 3848a3a772e2202ac3339bd241adcef987e48361)
Signed-off-by: Fridolin Somers <fridolin.somers@biblibre.com>
(cherry picked from commit 43f15f13123c705bb750af43a74997e581b48719)

Signed-off-by: Lucas Gass <lucas@bywatersolutions.com>