3.22.10.cx1/.git
5 years ago1966: HBC : Default number of reports displayed 3.22.10-cx1
Mason James [Thu, 13 Oct 2016 23:04:13 +0000 (12:04 +1300)]
1966: HBC : Default number of reports displayed

5 years agort1875, add regex to replace problematic DOS CRLF chars, before import
Mason James [Sun, 18 Sep 2016 12:43:12 +0000 (00:43 +1200)]
rt1875, add regex to replace problematic DOS CRLF chars, before import

Signed-off-by: Mason James <mtj@kohaaloha.com>
5 years agoadd CALYX Koha (3.22.10.000)
Mason James [Sun, 28 Aug 2016 23:36:57 +0000 (11:36 +1200)]
add CALYX Koha (3.22.10.000)
modified:   installer/data/mysql/updatedatabase.pl

5 years agoBug 13597 - Amazon 'no image' element needs a 'no-image' class, in the staff client
Mason James [Thu, 21 Apr 2016 00:40:26 +0000 (12:40 +1200)]
Bug 13597 - Amazon 'no image' element needs a 'no-image' class, in the staff client

to test patch...

1/ go to staff client

2/ add following CSS to 'IntranetUserCSS' syspref, to hide images...
    span.no-image {
        display: none;
    }

3/ do a search that returns 'no image' results...
   observe that 'no image' images are still displaying :(

4/ apply patch

5/ repeat step 2/
   observe that 'no image' images are not displaying :)

Works as advertised.
Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Mason James <mtj@kohaaloha.com>
5 years agorm warn
Mason James [Wed, 15 Jun 2016 22:50:34 +0000 (10:50 +1200)]
rm warn
modified:   C4/Carousel.pm

5 years agoadd cx db update
Mason James [Tue, 14 Jun 2016 20:07:07 +0000 (08:07 +1200)]
add cx db update

Signed-off-by: Mason James <mtj@kohaaloha.com>
modified:   installer/data/mysql/updatedatabase.pl

5 years agomod tmpl/tt ext.
Mason James [Wed, 15 Jun 2016 12:42:02 +0000 (00:42 +1200)]
mod tmpl/tt ext.
modified:   opac/svc/googleoauth2

5 years agorm atomic dir
Mason James [Sun, 6 Dec 2015 17:42:44 +0000 (06:42 +1300)]
rm atomic dir
deleted:    installer/data/mysql/atomicupdate/bug_10988_add_GoogleOauth.sql

5 years agofixed 'Log in to your account modal' msg
Mason James [Fri, 30 Oct 2015 07:38:22 +0000 (20:38 +1300)]
fixed 'Log in to your account modal' msg

5 years agofix xxx in .tt
Mason James [Tue, 9 Jun 2015 06:03:40 +0000 (18:03 +1200)]
fix xxx in .tt

5 years agoadd --tempdir arg to rebuild_zebra.pl
Mason James [Thu, 20 Feb 2014 03:09:17 +0000 (16:09 +1300)]
add --tempdir arg to rebuild_zebra.pl

5 years agoadd libdatetime-format-dateparse-perl
Mason James [Mon, 8 Jun 2015 01:44:35 +0000 (13:44 +1200)]
add libdatetime-format-dateparse-perl
modified:   control

5 years agort867: fixes to purchase suggestions
Mason James [Wed, 18 Jun 2014 03:57:00 +0000 (15:57 +1200)]
rt867: fixes to purchase suggestions

modified:   C4/Suggestions.pm
modified:   koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-suggestions.tt
modified:   opac/opac-suggestions.pl

Conflicts:
opac/opac-suggestions.pl

5 years agoadd css tweaks to ipsp subject-cloud
Mason James [Wed, 4 Feb 2015 04:55:48 +0000 (17:55 +1300)]
add css tweaks to ipsp subject-cloud

5 years agoBug 10756 - Carousel Display of New Titles on OPAC home page
Mason James [Wed, 4 Feb 2015 04:54:03 +0000 (17:54 +1300)]
Bug 10756 - Carousel Display of New Titles on OPAC home page

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc
koha-tmpl/opac-tmpl/prog/en/modules/opac-main.tt

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc

Conflicts:
C4/Auth_cas_servers.yaml.sample

5 years agofixes for oauth2...
Mason James [Wed, 30 Apr 2014 19:11:01 +0000 (07:11 +1200)]
fixes for oauth2...

Conflicts:
C4/Auth.pm

Conflicts:
C4/Auth.pm
koha-tmpl/opac-tmpl/prog/en/modules/opac-main.tt

Conflicts:
koha-tmpl/opac-tmpl/prog/en/includes/masthead.inc
koha-tmpl/opac-tmpl/prog/en/modules/opac-auth.tt

5 years agoBug 10988 [ENH] Allow login via Google OAuth2
Nicholas van Oudtshoorn [Thu, 27 Feb 2014 02:25:42 +0000 (10:25 +0800)]
Bug 10988 [ENH] Allow login via Google OAuth2

Adds googleoauth2 login to koha. Adds applicable system preferences Modifies templates to support oauth2 login failures changes the login links to use googleoauth2 when oauth2 is enabled.
This latest patch adds the new system preferences using updatedatabase.pl

Test Plan:
1) Apply this patch
2) Update the database (this is the bit I'm not sure about - I've added the SQL into the atomicupdates directory - is this right?)
3) Create a web app in the google cloud console:
     - Go to https://cloud.google.com/console
     - Create a project, and give it some details
     - Open the Project by clicking on it
     - Under APIs & auth menu, open "Registered Apps" and click "Register App"
     - Give it a name and make sure you select "Web app", click ok
     - Under OAuth 2.0 Client ID,
         - under web origin, type <your_opac_address>
         - in the redirect uri enter <your_opac_address>/cgi-bin/koha/svc/googleoauth2
         - click Generate
4) Set the GoogleOAuth2ClientID and GoogleOAuth2ClientSecret according to the values generated above
5) Test that clicking login intiates an oauth2 login
6) Try logging in with an email that is not registered to a library user. It should fail and offer either to retry or to login manually.
7) Try logging in with an email that is registered to a library user. You should be logged in.

Signed-off-by: Mason James <mtj@kohaaloha.com>
Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc

Conflicts:
C4/Auth.pm
installer/data/mysql/updatedatabase.pl
koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc
koha-tmpl/opac-tmpl/ccsr/en/includes/top-bar.inc
koha-tmpl/opac-tmpl/prog/en/includes/masthead.inc
koha-tmpl/opac-tmpl/prog/en/modules/opac-auth.tt

Conflicts:
installer/data/mysql/updatedatabase.pl

Conflicts:
C4/Auth.pm
koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-auth.tt

5 years agort950 add id for BS cart mod
Mason James [Tue, 17 Jun 2014 19:13:27 +0000 (07:13 +1200)]
rt950 add id for BS cart mod

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc

5 years agort883 add IPSP ccode-opac
Mason James [Mon, 16 Jun 2014 04:34:33 +0000 (16:34 +1200)]
rt883 add IPSP ccode-opac

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/css/opac.css
opac/opac-search.pl

Conflicts:
koha-tmpl/opac-tmpl/bootstrap/en/includes/masthead.inc

Conflicts:
opac/opac-search.pl

5 years agort815, add classes to table
Mason James [Sat, 14 Jun 2014 02:41:53 +0000 (14:41 +1200)]
rt815, add classes to table

Conflicts:
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt

Conflicts:
koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt

5 years agobz 12120, patch for --tempdir /var/tmp
Mason James [Fri, 2 May 2014 07:29:20 +0000 (19:29 +1200)]
bz 12120,  patch for --tempdir /var/tmp
modified:   debian/scripts/koha-rebuild-zebra

Conflicts:
debian/scripts/koha-rebuild-zebra

5 years agobug 10538 - add fix_openoffice_csv() sub
Mason James [Wed, 6 Nov 2013 10:42:21 +0000 (23:42 +1300)]
bug 10538 - add fix_openoffice_csv() sub

5 years agoRT797 add ips2.xsl file
Mason James [Thu, 4 Jun 2015 04:45:46 +0000 (16:45 +1200)]
RT797 add ips2.xsl file

new file:   koha-tmpl/opac-tmpl/bootstrap/en/xslt/MARC21slim2OPACResults-ips2.xsl

5 years agoTranslation updates for Koha 3.22.10 3.22.10 kc/3.22.x v3.22.10
Julian Maurice [Tue, 23 Aug 2016 11:45:11 +0000 (13:45 +0200)]
Translation updates for Koha 3.22.10

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoUpdate release notes for 3.22.10 release
Julian Maurice [Tue, 23 Aug 2016 07:08:28 +0000 (09:08 +0200)]
Update release notes for 3.22.10 release

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoIncrement version for 3.22.10 release
Julian Maurice [Tue, 23 Aug 2016 06:52:03 +0000 (08:52 +0200)]
Increment version for 3.22.10 release

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 14138: Followup for 3.22
Julian Maurice [Thu, 25 Aug 2016 08:29:48 +0000 (10:29 +0200)]
Bug 14138: Followup for 3.22

5 years agoFix use of non-existent variable $borrower
Julian Maurice [Thu, 25 Aug 2016 08:23:08 +0000 (10:23 +0200)]
Fix use of non-existent variable $borrower

5 years agoFix number of tests for db_structure.t
Julian Maurice [Thu, 25 Aug 2016 08:08:38 +0000 (10:08 +0200)]
Fix number of tests for db_structure.t

5 years agoBug 16573: DBIx update
Julian Maurice [Thu, 25 Aug 2016 08:03:31 +0000 (10:03 +0200)]
Bug 16573: DBIx update

5 years agoFix test t/db_dependent/Circulation.t
Julian Maurice [Thu, 25 Aug 2016 08:00:45 +0000 (10:00 +0200)]
Fix test t/db_dependent/Circulation.t

5 years agoBug 17106 - DataTables patron search defaulting to 'starts_with' - doc
Fridolin Somers [Thu, 11 Aug 2016 08:39:31 +0000 (10:39 +0200)]
Bug 17106 - DataTables patron search defaulting to 'starts_with' - doc

Bug 15930 modified default value for DataTables patron search.

The doc text should also be modified :
"Can be 'contain' or 'start_with' (default value). Used for the
searchmember parameter."

Test plan :
- install Koha with patch
- look at man page man/man3/C4::Utils::DataTables::Members.3pm

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 29b4ee5c74949d9706387b1d02b858cd697a57d6)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 030487d9e341a16b7220d4c45e8f8e3677844906)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17100: Restore previous logic
Jonathan Druart [Mon, 15 Aug 2016 14:11:19 +0000 (15:11 +0100)]
Bug 17100: Restore previous logic

There is no need to change the previous logic here, so let's restore it.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f8230d5d0a6f20f0e054744221d5ad4b1ca467e3)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 06e37a47df894b42accbd1b98c734515ff3b3e12)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17100: Do not display payments if patron has nothing to pay
Marc Véron [Wed, 10 Aug 2016 09:42:28 +0000 (11:42 +0200)]
Bug 17100: Do not display payments if patron has nothing to pay

This alternative patch moves logic and formatting to the template file.

To test:
* without patch
  1/ find a patron with no lines in accountlines table : print summary shows no "account fines and payments" => OK
  2/ find a patron with some lines in accountlines table and the total amount > 0 : print summary shows a table "account fines and payments" with fines to recover => OK
  3/ find a patron with some lines in accountlines table but the total amount = 0 : print summary shows a table "account fines and payments" with nothing in it => NOK

* with the patch, same cases as before :
  1/ same as without patch
  2/ same as without patch
  3/ print summary does not show "account fines and payments"

- Additionally, verify that formatting follows syspref 'CurrencyFormat'
- Verify that amount column is right-aligned

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 492a64cef95c6afb1644cbb4f1be181c2442cbd8)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 7602198e60e0a43c1d35164db2c49d26412bfc08)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17001: fix due date filter on the overdue report
Galen Charlton [Fri, 29 Jul 2016 20:41:19 +0000 (20:41 +0000)]
Bug 17001: fix due date filter on the overdue report

When the TimeFormat system preference is set to "12 hour",
setting a filter on the due date can result in:

- no overdue loans being reported, even if there are some
  that meet the criteria

OR

- overdue loans being omitted from the report if they
  are due on the "until" date in the filter

This patch fixes this by replacing output_pref() with
DateTime::Format::MySQL to format the date filter values
to pass to the SQL query.

To test
-------
[1] Run the overdue report (circ/overdue.pl) and set a filter
    on due date, using values that should bring up one or
    more overdue loans.
[2] Note that zero overdue loans are returned (if using MySQL
    5.5, 5.6, or 5.7 or MariaDB 5) or that loans due on the
    "until" date are omitted (if using MarioDB 10).
[3] Apply the patch and repeat step 1. This time, the correct
    set of overdue loans should be reported.

Signed-off-by: Galen Charlton <gmcharlt@gmail.com>
Signed-off-by: Jason Robb <jrobb@sekls.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 761001add1a95d147a23b74e8d817890ffc08ac5)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 2ce7bf6ed5c6d74e3635666f93ef9e1f90d091c0)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17107 - Add ident and Identifier-standard to known indexes
Fridolin Somers [Thu, 11 Aug 2016 08:58:40 +0000 (10:58 +0200)]
Bug 17107 - Add ident and Identifier-standard to known indexes

Add ident and Identifier-standard to known indexes in C4::Search::getIndexes().
Those indexes can be very useful, for example for IdRef feature.

Test plan :
- Make sure some records have a field indexed with Identifier-standard, ISBN=1234 for example
- Perform a search /cgi-bin/koha/opac-search.pl?idx=ident,phr&q=1234
=> you find the record
- Perform a search /cgi-bin/koha/opac-search.pl?q=ident:1234
=> Without patch : you get no results
=> With patch    : you find the record
Idem for 'Identifier-standard'

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4884f3a00a99c959059b7d12544c271a1e1ab616)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 7547ffcc96a43fb4228896a431344155c72bc910)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17009: Speed up the framework duplication
Jonathan Druart [Mon, 1 Aug 2016 12:46:49 +0000 (13:46 +0100)]
Bug 17009: Speed up the framework duplication

To duplicate frameworks, the code retrieve all the subfields, then
execute 1 insert per subfield.
It's unnecessary slow, we can use the DBMS to do it.

Test plan:
Create a new framework and duplicate the structure of another framework.

Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 739eaa82e8b52a1ef83e995badc7ddfa3a32e3fc)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 6551bebd939aefb3a4e6c59d3bee83c311cd842d)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17117: Patron personal details not displayed unless branch update request is...
Jacek Ablewicz [Fri, 12 Aug 2016 14:19:52 +0000 (16:19 +0200)]
Bug 17117: Patron personal details not displayed unless branch update request is enabled

In patron acount ("your personal details" tab, which serves as a form
for submitting update requests as well) it's not possible to display
some account details like expiration date etc., without enabling
the field for branch / library update requests too.

To reproduce:

1) set OPACPatronDetails to "Allow"
2) clear PatronSelfModificationBorrowerUnwantedField preference
- all possible fields in the update requests form are visible
in patron account, including some extra details (card number,
expiration date, category) in the "Library" section on top
3) put 'branchcode' in PatronSelfModificationBorrowerUnwantedField preference
4) the whole 'Library' section disappears

To test:

1) apply patch
2) put 'branchcode' in PatronSelfModificationBorrowerUnwantedField,
'Library' section should remain visible (sans branch selection option)
3) put 'branchcode|cardnumber|datexpiry|categorycode' in the same
preference, 'Library' section should now disappear

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fb449aaede3f23ee71e9e50286a26035bb3ef640)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 700c602634390f34a3fac86c158d95b30bc03963)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16955: Do not clear from cache when adding a new framework
Jonathan Druart [Tue, 2 Aug 2016 08:43:01 +0000 (09:43 +0100)]
Bug 16955: Do not clear from cache when adding a new framework

There are several issues with these lines:
1/ $cache is not defined correctly and it not visible inside
duplicate_framework
2/ $frameworkcode is a wrong c/p, it should be $newframeworkcode
3/ these calls are not needed. As we are creating a new framework, the cache
should be empty...

This patch will simply remove these calls

Test plan:
Duplicate a framework and confirm that you do not get any error in your
logs.

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 84812129c979557cd2232c3a8b5b0f01c368a634)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit c05e2c13552ec9236de8ba8052864d91134516a3)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16996: Do not explode if mandatory fields are missing
Jonathan Druart [Wed, 3 Aug 2016 15:28:24 +0000 (16:28 +0100)]
Bug 16996: Do not explode if mandatory fields are missing

At the OPAC, if a patron modify his/her information and at least 1
mandatory field is missing, Koha will crash with
  Template process failed: undef error - Can't call method "description"

It is raised by Koha::Template::Plugin::Categories::GetName called with
an undefined categorycode.
The problem is that the values sent originaly are not sent back to the
template if the user missed something.
This patch makes that all info are resent to the template in order to
show the same form to the user.

Test plan:
0. Apply patch

1. Make sure that the categorycode is not hidden in the OPAC in:
     PatronSelfRegistrationBorrowerUnwantedField or PatronSelfModificationBorrowerUnwantedField

2. Add a required field in PatronSelfRegistrationBorrowerMandatoryField, for example email.

3. Go to Your Personal Details in the OPAC (opac-memberentry.pl) and leave blank the required field of point 2

4. Press "Submit update request"

There should be no software error.

NOTE: The warns will be floody on the logs.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8c5cb134ee75aad77a9ba9b9fd84005fc0a9feb3)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 803ad5b022e0c469d27336bdcdfb4966f3f01960)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 14844: Corrupted storable string. When adding/editing an Item, cookie LastCreated...
Olli-Antti Kivilahti [Thu, 17 Sep 2015 10:23:49 +0000 (13:23 +0300)]
Bug 14844: Corrupted storable string. When adding/editing an Item, cookie LastCreatedItem might be corrupted.

No idea how to replicate this issue but we have been getting several reports
about the following error:

Software error:

Corrupted storable string (binary v2.9) at /usr/lib/perl/5.18/Storable.pm line
417, at /home/koha/kohaclone/cataloguing/additem.pl line 375.

TEST PLAN:
1. Add or modify an Item.
2. No observed changes.
?. We don't know what causes this but we know that add/modify Item occasionally
   crashes due to failure of a cookie thawing.

This patch prevents the whole program from dying, because this error is not
critical enough to warrant dying.
Also there is no centralized mechanism in Koha for showing messages to the
user, so there is no easy and convenient way to warn the user that the:
'LastCreatedItem'-cookie or the systempreference 'PrefillItem' is
malfunctioning.

So we instead just warn to the server logs with the malfunctioning cookie in
hopes of nailing down what causes the issues.

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 9237fe676336f5908a9acc26a3b70b70d25602ae)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit d9def60267c1eb8aaacf4958de3bbddbace27621)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17103 - Google API Loader jsapi called over http
Indranil Das Gupta (L2C2 Technologies) [Sat, 13 Aug 2016 00:25:14 +0000 (05:55 +0530)]
Bug 17103 - Google API Loader jsapi called over http

This patch replaces the hardcoded protocol ("http") from the URI with
https since that is what Google defacto uses to serve JS resources
Prevents MIXED CONTENT failure, allowing GoogleIndicTransliteration
to function correctly when used in SSLized OPACs.

Test plan
---------

1/ Make sure your OPAC is being served both over HTTP and HTTPS
2/ Set GoogleIndicTransliteration syspref to "Show"
3/ Access the OPAC over http, Google transliteration element will
   show up in masthead searchbox.
4/ Access the OPAC over https. The element will not show. Console
   will show MIXED CONTENT error and failure of google loader.
5/ Apply patch. Repeat steps #3 and #4 again. Now in both cases
   GoogleIndicTransliteration will work.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6fcd32a75c41c7815a883cc4952899ea24045b3c)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 3a5e20809c191ed5773e70f09c0096d14cade6c9)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16974: Make koha-plack should check and fix log files permissions
Tomas Cohen Arazi [Mon, 25 Jul 2016 18:08:00 +0000 (15:08 -0300)]
Bug 16974: Make koha-plack should check and fix log files permissions

This patch adds a function to the koha-plack script so it checks for log file
existence and its permissions. This function is called from the start_plack function.

If some of this conditions are not fulfilled, it solves the situation by either
touching and/or changing the permissions accordingly for the instances' plack log files.

To test:
- Run (on kohadevbox):
  $ cd kohaclone
  $ debian/scripts/koha-plack --start kohadev
  $ debian/scripts/koha-plack --stop  kohadev
  $ ls /var/log/koha/kohadev/plack*
- Verify ownership of the created files (they might belong to the root user)
- Apply the patch
- Run:
  $ chown root:root /var/log/koha/kohadev/plack*
  $ debian/scripts/koha-plack --start kohadev
  $ ls /var/log/koha/kohadev/plack*
=> SUCCESS: Files belong to kohadev-koha:kohadev-koha
- Run:
  $ debian/scripts/koha-plack --stop  kohadev
  $ rm /var/log/koha/kohadev/plack*
  $ debian/scripts/koha-plack --start kohadev
  $ ls /var/log/koha/kohadev/plack*
=> SUCCESS: Files are created and belong to kohadev-koha:kohadev-koha
- Sign off :-D

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 007d2feee6b2fec92f2d6518a3e84de0f6476b3d)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit ba5ac05a140f62c6bb8383049bcfeba5c96a7de5)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16885: koha-stop-zebra should be more sure of stopping zebrasrv
Mark Tompsett [Wed, 3 Aug 2016 03:26:03 +0000 (23:26 -0400)]
Bug 16885: koha-stop-zebra should be more sure of stopping zebrasrv

This patch follows Galen's suggestion in comment #7.

TEST PLAN
---------
1) Back up your koha logs as desired.
2) add something to /var/log/koha/{instance name}/intranet-error.log
3) ps aux | grep zebra
4) logrotate -f /etc/logrotate.d/koha-common
5) ps aux | grep zebra
   -- the zebrasrv and daemon process for zebra indexing
      didn't restart.
6) apply this patch against /usr/sbin/koha-stop-zebra
7) sudo koha-start-zebra {instance name}
8) ps aux | grep zebra
   -- the processes should have started up again.
9) add different junk to /var/log/koha/{instance name}/intranet-error.log
10) ps aux | grep zebra
11) logrotate -f /etc/logrotate.d/koha-common
12) ps aux | grep zebra
    -- the process ids for the zebrasrv and daemon processes should
       be different, but the number of processes is the same as before.
13) sign off, because its less ugly than comment #3

Sponsored-by: Tulong Aklatan
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Works as expected, no regressions found.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ac4a058b05fc1a1a6955d025328cca6ae369baeb)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 16769bdb1445bcccd3be0221ba69917344f363e9)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16944: Add "email" and "url" classes when edit or create a vendor
Hector Castro [Tue, 19 Jul 2016 20:58:58 +0000 (14:58 -0600)]
Bug 16944: Add "email" and "url" classes when edit or create a vendor

When edit or create a new vendor the two fields "email" and "website" don't test
if the data provided is right. When you add a direction like
"koha-community.org" without the protocol "https" the program redirect to an
404 error.

To reproduce the issue:
1-Go to Acquisition and create a new Vendor
2-Fill the field Website with koha-community.org
3-Use an email without at sing (@)
4-Notice that there is no error
5-Save
6-Go to the vendor created (/cgi-bin/koha/acqui/supplier.pl?booksellerid=1)
7-Click in Website: koha-community.org -> redirect to an 404 error
8-Notice the bad mailto:

To test:
-Apply patch
-Reproduce step 1 to 8 with the same vendor or create a new one
-Enter multiple wrong and valid urls
-Enter urls with and without protocols http, https, ftp
-Enter wrong and valid emails

NOTE: The classes used are taken from 'branches.tt'
Signed-off-by: Liz Rea <liz@catalyst.net.nz>
no longer allows entering of improper website urls or incomplete email addresses.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 71d20a8c3b48a4dd1c7fb569b3baf2352d9757ac)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 3b4564001d571304490fe81dbd92e656fc9ad53e)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17052: Display patron category description in the sidebar of paycollect
Jonathan Druart [Thu, 4 Aug 2016 16:19:37 +0000 (17:19 +0100)]
Bug 17052: Display patron category description in the sidebar of paycollect

The patron category description is not passed to the template in
paycollect.pl

Note: The Categories TT plugin should be used here...

Test plan:
Go on paycollect.pl and confirm that the patron category description is
now displayed in the sidebar.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Brendon Ford <brendon.ford@manhattan.edu>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c3badb0c570beada485cc71ea6b494da1d59f1b0)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 527cd879bb832feb1a73afb85ffb948bb4c0ee64)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17055 - Add classes to different note types to allow for styling on checkins...
Kyle M Hall [Fri, 5 Aug 2016 13:56:52 +0000 (13:56 +0000)]
Bug 17055 - Add classes to different note types to allow for styling on checkins page

Returned items may have 3 kinds of notes, patron, item public, and item
non-public. However, the html markup for them does not allow us to
distinguish which type we are seeing. It would be good to add classes
for each of these note types.

Test Plan:
1) Check out an item to a patron
2) Add a patron note, a public item note, and a non-public item note
   to the patron and item you used
3) Check in the item and instead the html, note the each note span
   now has a class to distinguish which type of note is being displayed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit dbfda36767c113b8e515e8d2bfedd435ed7bd133)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit a86c2250100b898d0c537497c5b6ad20eb969d28)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17078 - Format fines on opac-account.pl
Marc [Mon, 8 Aug 2016 12:04:44 +0000 (14:04 +0200)]
Bug 17078 - Format fines on opac-account.pl

To verify:
- Log in to OPAC as a user who has fines or credits
- Go to page "your fines"
- Verify that values for "Fine amount", "Amount outstanding"
  and "Total due" are not formatted as defined in syspref CurrencyFormat
  (e.g. for FR)

To test:
- Apply patch
- Repeat steps above
- Verify that values are formatted as appropriate with different
  settings for syspref CurrencyFormat

Note: This patch does not force text alignment to the right.
      Text alignement can be done using syspref OPACUserCSS
      (td.sum, td.credit, td.debit)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d76737ba7d41bc261b59a2ea2cf4c591a62a0bc4)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit f13a576bf5b1b10d2ea54b89eac44cc95270b386)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17076 - Format fines in patron search results table
Marc [Mon, 8 Aug 2016 09:33:50 +0000 (11:33 +0200)]
Bug 17076 - Format fines in patron search results table

Format the values in patron search results following syspref CurrencyFormat.

To verify:
- Search for patrons who have fines or credits
- In result table, column 'Fines' does not respect syspref CurrencyFormat
  (e.g. for FR)

To test:
- Apply patch
- Repeat steps above, verify that fines display as appropriate
- Change syspref Currencyformat, verify display

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6359922847aa9437bccc1d28fd429d5432517e9a)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 1adcd737574fcbde4a86c5b3b72718c5e5ba21da)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16969 cgi->param used in list context in opac-memberentry.pl
Chris Cormack [Sun, 24 Jul 2016 07:18:51 +0000 (19:18 +1200)]
Bug 16969 cgi->param used in list context in opac-memberentry.pl

To test
1/ Hit the page, notice the warning in the log
2/ Apply patch
3/ Hit page, notice no warning in the log
4/ Test functionality all still works

Works as expected. (Note: See Bug 16960 for updating patron details).
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0ef3b19dbd414539dbc8c45ecc595e399df31781)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 2dc212beef4f4baa56e2c2cac00cdf038989f884)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16894: Regression - Display email on patron search results
Jonathan Druart [Wed, 3 Aug 2016 15:41:48 +0000 (16:41 +0100)]
Bug 16894: Regression - Display email on patron search results

Bug 10318 added the email to the patron search results but it has been
removed later.
This patch reintroduced it where it was (no new column).

Test plan:
Search for patrons and confirm that the emails are displayed.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 034f939a44287ae7078d95c15b55368aa98b4216)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 68a4549aa9fd36904c8b7fb321d14ac1946bc485)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16806: no error message for 'too_soon' renewal
phette23 [Thu, 23 Jun 2016 23:06:59 +0000 (16:06 -0700)]
Bug 16806: no error message for 'too_soon' renewal

To test:
-  for a particular item type & patron category, configure a non-zero
"no renewal before" date so items can't be immediately renewed
- sign in as a patron in aforementioned patron category
- check out an item of aforementioned item type
- go to your renewals page in OPAC /cgi-bin/koha/opac-user.pl
- an error messages appears in the div.alert.dialog up top

Sponsored-by: California College of the Arts
Signed-off-by: Brendon Ford <brendon.ford@manhattan.edu>
Signed-off-by: Irma Birchall <irma@calyx.net.au>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit aa2f56fa1a76d98ab9543a100810c354c4d23554)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 8ff5f08edd0dc434e56d35cb4956df6027f0eed6)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16776: Do not forget external language choice in language switcher
Jonathan Druart [Mon, 25 Jul 2016 15:37:03 +0000 (16:37 +0100)]
Bug 16776: Do not forget external language choice in language switcher

If language is set by external link language switcher does not work

To reproduce:

- Have a multilingual koha installation, let's say en, de-CH, fr-FR and it-IT
- Create external links e.g. from your multilingual library website to each language variant of OPAC:

...cgi-bin/koha/opac-main.pl?language=en
...cgi-bin/koha/opac-main.pl?language=de-CH
...cgi-bin/koha/opac-main.pl?language=fr-FR
...cgi-bin/koha/opac-main.pl?language=it-IT

Each link opens fine displaying the language as appropriate.

Now try to switch language on the page you just opened via the external link.

It won't work, it will always stay on the language defined by the external link.

To test:
- Apply patch
- Repeat steps above
- Verify that the language switcher works
- Verify in browser address field that after switching language, the param 'language= 'has vanished from url string
- Try links with multiple params and with params containing 'language', e.g.
  ...cgi-bin/koha/opac-search.pl?language=fr-FR&q=language&mylanguage=test
- Verify that only the parameter 'language=' vanishes

Tested counter patch, works as well.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 62d16aa6b750aaade2267596c19292659333f8c8)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 55bdbc09e6a60d417cbc2d88bb90241fcac57aa2)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16848: Prevent invalid warning to be carped from output_pref
Jonathan Druart [Mon, 4 Jul 2016 10:53:39 +0000 (11:53 +0100)]
Bug 16848: Prevent invalid warning to be carped from output_pref

From Koha::DateUtils::output_pref:

   $dt = eval { dt_from_string( $str ) } if $str;
   carp "Invalid date '$str' passed to output_pref\n" if $@;

This second line is wrong: if $str does not exist, the first line is not evaluated and $@ could be filled with previous error.

To reproduce:

Then:
  prove t/DateUtils.t
will display:
t/DateUtils.t .. 20/60 Use of uninitialized value $str in concatenation (.) or string at Koha/DateUtils.pm line 217.
Invalid date '' passed to output_pref
 at t/DateUtils.t line 233.
t/DateUtils.t .. ok
All tests successful.
Files=1, Tests=60,  2 wallclock secs ( 0.02 usr  0.00 sys +  1.40 cusr  0.00 csys =  1.42 CPU)
Result: PASS

Test plan:
Without this patch, you should not see the carp

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c31213ba4fab0082c6ad556aae424918b62205d0)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit f81c6770054dab1cb4b4a1ccea1b28bd702b412b)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17074: Follow-up: fixing encoding issues with multiple search terms
Katrin Fischer [Sun, 7 Aug 2016 23:15:23 +0000 (01:15 +0200)]
Bug 17074: Follow-up: fixing encoding issues with multiple search terms

If there was more than one search term you could see that that it
was url encoded. Also problems with search terms with umlauts and
other diacritics.

Patch should fix that.

https://bugs.koha-community.org/show_bug.cgi?id=17074
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 09d7a47f1fb1c645d0e3ffb93fb88409b3310363)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit a42da0108e3f8dee889ef28e0c0d736e23a9aacc)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17074: Fix links in result list of 'scan indexes' and keep search term visible
Katrin Fischer [Sun, 7 Aug 2016 14:03:13 +0000 (16:03 +0200)]
Bug 17074: Fix links in result list of 'scan indexes' and keep search term visible

The 'scan indexes' search that can be reached from the
advanced search has 2 problems to begin with:

- The search term you searched for is not displayed
  in the input field.
- The links in the result list are missing the index
  and because of that, are not giving the correct results.

To test:
- Go to the advanced search, select an index to search in
- Enter a search term and check 'scan indexes'
- Submit search
- Check if the search term is visible in the input box
- Check if the result links contain your selected index
  and give you correct results (count and the number of
  results should match)

Tested both patches together, works as expected.
Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8d7e62b808522b1871d6b704e0ae5def3be886ee)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 2b62fbde3357b396d72cbce7d625b096c0467307)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17053 Clearing search term in Reports
Frédéric Demians [Sat, 6 Aug 2016 08:13:18 +0000 (10:13 +0200)]
Bug 17053 Clearing search term in Reports

If you click the clear button to clear the search term it does take the search
term away. However, the next time you click on "Saved reports" the search term
is still there.

TO TEST:

1. Reports > Use saved
2. Filter on anything (date/author/keyword). Let say "foo" in keyword.
3. Click the Clear link on the Filter form. You can see that "foo" is removed
   from keyword, and all the saved reports are displayed.
4. Click "Saved Reports" on the left. You can see that "foo" reappears in
   keyword filter.
5. Apply the patch, and repeat steps 2-4.

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit aa0e27ea08cf0d9a1ff46b061cc38d2b15fa66e7)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 86985bffc49977c97c6de98edc68ad3c3f917039)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17087 - Set Test::WWW::Mechanize version to 1.42
Mirko Tietgen [Tue, 9 Aug 2016 12:55:43 +0000 (14:55 +0200)]
Bug 17087 - Set Test::WWW::Mechanize version to 1.42

This was set to a version that is not available in Wheezy or Jessie.
The version is not required, the only change to 1.42 (packaged for
Wheezy and Jessie) is a fix for Windows, see
http://cpansearch.perl.org/src/PETDANCE/Test-WWW-Mechanize-1.44/Changes

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 893f6cc2633744d4f539fd1b6b9f4b8837277d2d)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 4267b60311227453335d9c4f64cb9d5c0946ced7)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 10148: Marc21 field 007 builder improper reload values
Mark Tompsett [Mon, 11 Apr 2016 03:18:26 +0000 (23:18 -0400)]
Bug 10148: Marc21 field 007 builder improper reload values

The more correct solution is fix that template file.
However, in the mean time, this works.

TEST PLAN
---------
 1) find a record
 2) edit record
 3) click value builder for 007
 4) change everything to pipes as much as possible.
    (use Motion Picture to get all 00-22 values)
 5) save
    -- should save just fine.
 6) click the value builder again
    -- OOPS! Bad reload.
 7) prove t/db_dependent/FrameworkPlugin.t
    -- NOISY 007 messages.
 8) apply patch
 9) click the value builder again
    -- good reload
10) prove t/db_dependent/FrameworkPlugin.t
    -- No noise related to 007.
11) run koha qa test tools.

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 22c851cc2fea3c3868f7643132392f0a34439c65)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit e3da772c3cd10ab999b7ee5708c6eab5dfb0599d)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17038: Fix XSS in catalogue/search.pl
Jonathan Druart [Wed, 3 Aug 2016 12:57:43 +0000 (13:57 +0100)]
Bug 17038: Fix XSS in catalogue/search.pl

Test plan:
Search for something like:
  \";alert(1)//135

=> Without this patch you will see the alert
=> With this patch, no more alert

Note that this fix the parameters idx, q and op

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b543fa74fe888b9e53cfc06ac58e2f7ac1689ae5)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 97f1d825cd4031e0c9077d9d8cf0f0c7f69d894c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17036: Fix XSS in circulation.pl
Jonathan Druart [Wed, 3 Aug 2016 07:49:10 +0000 (08:49 +0100)]
Bug 17036: Fix XSS in circulation.pl

Test plan:
Enter the following in the "Check out" tab:
"><script>alert('XSS')</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 96a9c2715ee2e4388e105e86e221bc280e1d757f)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 3bf66eb1a1af1f917ffbf3865762cac64bfdbaef)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17021: Fix XSS in circ/returns.pl
Jonathan Druart [Thu, 28 Jul 2016 12:01:43 +0000 (13:01 +0100)]
Bug 17021: Fix XSS in circ/returns.pl

Test plan:
Enter the following in the barcode input:
<script>alert('XSS')</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 12b4c83f5a5c11af635cae83e6837ff80dc02da7)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 4f5121a99e063fc05fb19caac89e5a56b1ff0afb)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17025: Fix XSS in serials-search.pl
Jonathan Druart [Tue, 2 Aug 2016 13:46:11 +0000 (14:46 +0100)]
Bug 17025: Fix XSS in serials-search.pl

Test plan:
Hit
  /serials/serials-search.pl?ISSN_filter="%2F><script>alert('XSS')<%2Fscript>&searched=1
  /serials/serials-search.pl?title_filter="%2F><script>alert('XSS')<%2Fscript>&searched=1

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1ea1504c30c5c34dd763027caee55dcf359e94cf)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit d432c5bba836601b809a9f807af05ef85e952453)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17029: Fix XSS in catalogue/*detail.pl
Jonathan Druart [Tue, 2 Aug 2016 14:46:06 +0000 (15:46 +0100)]
Bug 17029: Fix XSS in catalogue/*detail.pl

Hit
  /cgi-bin/koha/catalogue/detail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/ISBDdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/MARCdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/moredetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>
  /cgi-bin/koha/catalogue/labeledMARCdetail.pl?biblionumber=1<script type="text/javascript">alert("XSS")</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f3a8e5a4117a0e95969ff2856dfcd95a6935ec55)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 990aca1cb7548bcead783f40661acb156952d09a)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 7441: Update DB rev (3.22.09.004)
Frédéric Demians [Wed, 10 Aug 2016 13:28:20 +0000 (13:28 +0000)]
Bug 7441: Update DB rev (3.22.09.004)

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 7441: QA follow-up - Add note about missing NORMARC support
Katrin Fischer [Wed, 10 Aug 2016 05:15:03 +0000 (07:15 +0200)]
Bug 7441: QA follow-up - Add note about missing NORMARC support

Adds a note about missing support for NORMARC (only supports
MARC21 and UNIMARC) to the system preference text.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 821cb91a80942a85f4d22e6b1a8c700add7bab7d)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 57e2a013cc78db4e26367cbfd34bc0054e67a3ba)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 7441 - Followup search results showing wrong branch [UNIMARC]
Jonathan Druart [Fri, 24 Jun 2016 15:08:23 +0000 (16:08 +0100)]
Bug 7441 - Followup search results showing wrong branch [UNIMARC]

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
  Playing with OPACResultsLibrary syspref, biblio with items having different
  home/holding library are displayed properly.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 492d79a7df18efb294bd9bd9da5fa5b4efe1e592)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 1d2da8fcd06e1f396d63fd834771f2a208fc5b91)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 7441 - search results showing wrong branch?
Kyle M Hall [Thu, 2 Jun 2016 14:01:56 +0000 (14:01 +0000)]
Bug 7441 - search results showing wrong branch?

When you search in the OPAC it shows you the HOME branch on the location
in XSLT, but if you click through to the detail page it shows you the
CURRENT BRANCH in the holdings table which is very confusing to patrons.
I don't know what's the right solution - home or holding branch, but they
should be the same in both places for the patron's sake. If you do the same
search in the staff client you see the right branch info on the search results
and on the detail page.

Test Plan:
1) Apply this patch
2) Run updatedatabase.pl
3) Search the catalog, you search should include results with items
   that have different home and holding libraries.
4) The results should look the same as before the patch
5) Change the system preference OPACResultsLibrary to "current location"
6) Refresh your page of search results
7) The results show now show the holding library instead of the home library

Signed-off-by: Barbara Walters <bwalters@ncrl.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4db2e745e244bfc9e8315b4903c30e21142d9cb4)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 17a103d8a06345ad39e3af9c0d3a50c3f24ce5e7)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17023: Fix XSS in acqui/z3950_search.pl
Jonathan Druart [Tue, 2 Aug 2016 13:15:09 +0000 (14:15 +0100)]
Bug 17023: Fix XSS in acqui/z3950_search.pl

Test plan:
Enter the following in the different inputs:
<script>alert('XSS')</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit eb543a90848b97d35aa15052c8881134926a3ed0)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 7cb27f092a4c699fcd428083383eef6f515da3e3)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17023: Fix XSS in cataloguing/z3950_search.pl
Jonathan Druart [Tue, 2 Aug 2016 13:06:41 +0000 (14:06 +0100)]
Bug 17023: Fix XSS in cataloguing/z3950_search.pl

Test plan:
Enter the following in the different inputs:
<script>alert('XSS')</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit f6e0a619d974fe002ec6a920206c7bc2808bce26)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 98c6d7873535d52609657ecaf256740c95c0e532)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16450 - Remove the use of "onclick" from guarantor search template
Owen Leonard [Wed, 4 May 2016 13:34:46 +0000 (09:34 -0400)]
Bug 16450 - Remove the use of "onclick" from guarantor search template

This patch updates the guarantor search template so that event
definition is done in the script rather than in an onclick attribute.

This patch also increases the size of the popup window to help prevent
the need for horizontal scrolling and adds Bootstrap style to the
"select" button.

To test, apply the patch and clear your browser cache if necessary.

- Go to Patrons and add a patron with a "child" category type.
- In the "Guarantor information" section, click the "Set to patron"
  button.
- In the pop-up window, search for a patron.
- Click the "Select" button next to a patron.
- The window should close, and the patron you selected should now appear
  as the guarantor. The guarantor's address information should be added
  to the "Main address" section.

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17065 - Rename C4/Auth_cas_servers.yaml.orig
Mirko Tietgen [Sat, 6 Aug 2016 11:52:26 +0000 (13:52 +0200)]
Bug 17065 - Rename C4/Auth_cas_servers.yaml.orig

C4/Auth_cas_servers.yaml.orig gets cleaned away after every package build because
of the .orig extension. This patch moves it.

It is only a sample file, there is no functionality to test. Just verify that the
file is there with the new name after you applied the patch.

Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 30474a321575ffecfd4e2578dce59385267ec8d7)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 0447a6a217f9836e54225f4b6a1fdc13f85409fa)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17068: empty <li> in opac-reserve.tt
Eric Phetteplace [Sat, 6 Aug 2016 17:44:53 +0000 (10:44 -0700)]
Bug 17068: empty <li> in opac-reserve.tt

empty HTML list item on 'holds' page, to test:
- sign in as user
- attempt to place hold
- view source in between 'holds note' textarea & <!-- ITEM HOLDS --> comment
- note empty <li>
- apply patch
- repeat process above up until patch
- no more empty <li>

Signed-off-by: Jason Robb <jrobb@sekls.org>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 17a5ef51199736235f0c3fd35c84be124ecc166e)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 9fa841b0e10849f89c66a222795aac0d96188aa5)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16622: some tests triggered by prove t fail for unset KOHA_CONF
Mark Tompsett [Tue, 31 May 2016 16:01:46 +0000 (12:01 -0400)]
Bug 16622: some tests triggered by prove t fail for unset KOHA_CONF

TEST PLAN
---------
1) unset KOHA_CONF
2) prove t
   -- 00-load.t dies miserably
3) prove t/Creators.t
   -- fails
4) apply patch
5) prove t
   -- noisy, but all tests successful
6) prove -v t/Creators.t
   -- 2 skipped tests
7) run koha qa test tools

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 6b3a04da6a2f137ad87e0d39e9cc2c5ab7958850)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 72c6715260e6605be83cced71029ba21be51aba1)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17044: Fix wrong destination for 'api' directory
Tomas Cohen Arazi [Wed, 3 Aug 2016 17:34:12 +0000 (14:34 -0300)]
Bug 17044: Fix wrong destination for 'api' directory

The original Makefile.PL tweak missed to trim the directory name thus
repeating the 'api' directory like in 'api/api'.

To test:
- Make a standard install (for example in /usr/share/koha
=> FAIL: check /usr/share/koha/api/api exists
- Make a single install (for example in /home/tcohen/koha-single)
=> FAIL: check /home/tcohen/koha-single/api/api exists
- Apply the patch
- Make a standard install (for example in /usr/share/koha
=> SUCCESS: check /usr/share/koha/api exists and doesn't contain a nested 'api' dir
- Make a single install (for example in /home/tcohen/koha-single)
=> SUCCESS: check /home/tcohen/koha-single/api exists and doesn't contain a nested 'api' dir
- Sign off :-D

Note: this affects the packages too, as the standard install is used as a basis.
Signed-off-by: Benjamin Rokseth <benjamin.rokseth@kul.oslo.kommune.no>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 72d92be918eae8a9bc3c6723c155d1b0c6ba25e4)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 58fd9fbea35bcdf75c73ef10ee7c38a2fa5dc007)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16727: Clarify upload category note
Nicole C Engard [Wed, 27 Jul 2016 13:27:37 +0000 (13:27 +0000)]
Bug 16727: Clarify upload category note

This patch clarifies the note on the upload tool
that states that no categories are defined.

To test:

* Log in to Koha
* Confirm that you have no values set for the UPLOAD
  authorized value category
* Visit Tools > Upload
* Check the warning note for typos
* Add a authorized value category for UPLOAD
* Visit Tools > Upload
* Confirm that note is replaced

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit ebaa3543d6278fe31886310cda5b10c807e6ad8a)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit fbb6eccabab6fa65bab8d03e4be444e4029faa7c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16864: Silence warnings in t/db_dependent/ILSDI_Services.t
Mark Tompsett [Wed, 6 Jul 2016 18:17:20 +0000 (14:17 -0400)]
Bug 16864: Silence warnings in t/db_dependent/ILSDI_Services.t

prove t/db_dependent/ILSDI_Services.t
generates noisy output as a result of the ambiguous context
of two $cgi->param() calls.

By storing into scalar variables, and then using the scalar
variables, the code maintains readability and fixes the problem.

TEST PLAN
---------
1) prove t/db_dependent/ILSDI_Services.t
   -- noisy.
2) apply patch
3) prove t/db_dependent/ILSDI_Services.t
   -- not noisy
4) run koha qa test tools

Signed-off-by: Marc <veron@veron.ch>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit ef0738922005e4235b80e70663d7fa711a87556e)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit ad5acf73bc03f2a68ebbaa27c3d9399ce38551ae)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16871: Translatability: Avoid [%%-problem and fix related sentence splitting...
Marc Véron [Tue, 5 Jul 2016 05:14:26 +0000 (07:14 +0200)]
Bug 16871: Translatability: Avoid [%%-problem and fix related sentence splitting in catalogue/detail.tt

In koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/detail.tt,
fix line splitted TT directives and sentence splitting leading
to translatability problems. (See first comment).

To test:
- Apply patch
- Go to detail pages of biblios with waiting holds
- Verify that messages in column 'Status' are OK
- Examine code in patch to make sure that the simplification in logic
  makes sense and that no TT directive is splitted
- Bonus test:
  - Go to folder misc/translator. Run perl translate create xx-XX
  - Verify that monster mentioned in first comment no longer exists
    (in po/xx-XX-staff-prog.po)

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised

Amended for wording (comment #5) 2016-07-26 mv

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 13004a8c649f1098f1ddd3be5a02b75bad27f3d8)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 536acf312012b29df27191683a313d097b176c1e)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16971: Missing dependency for HTML::Entities
Marcel de Rooy [Fri, 22 Jul 2016 09:48:21 +0000 (11:48 +0200)]
Bug 16971: Missing dependency for HTML::Entities

This module is already used in opac-password-recovery.pl.
It is loaded in Acquisition, but not used (anymore?).
It is not yet listed in PerlDependencies.

Note: The module is packaged for Debian Wheezy and Jessie.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 92626f55c88661d1e5b8dea57bdca412df004123)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit df0efd70da3486969b0601a5d3018f2f8cd49a52)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16818: External auth redirect broken under Plack
Jesse Weaver [Fri, 8 Jul 2016 22:01:19 +0000 (16:01 -0600)]
Bug 16818: External auth redirect broken under Plack

Test plan:

0) Have either CAS or Shibboleth authentication enabled under Plack.
1) Hover over the authentication link on the staff client or OPAC, and
   notice that it has either '.../opac/...' or '.../intranet/...' instead
   of '.../cgi-bin/koha/...'. (This will be a complete dealbreaker for CAS
   authentication.)
2) Apply patch.
3) Check links again; they should now have the correct paths.

Signed-off-by: Matthias Meusburger <matthias.meusburger@biblibre.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Did not test CAS or Shibboleth, but no regression found.

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit d475dae77313e8f0ee11146ce824d019351cbc5f)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 0c5c0a50b87ceeaa8f76e18240e279a96596222a)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 11490: Update DB rev (3.22.09.003)
Frédéric Demians [Fri, 24 Jun 2016 11:53:02 +0000 (11:53 +0000)]
Bug 11490: Update DB rev (3.22.09.003)

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 11490: Split MaxItemsForBatch into 2 prefs to clarify things
Jonathan Druart [Wed, 11 May 2016 13:10:49 +0000 (14:10 +0100)]
Bug 11490: Split MaxItemsForBatch into 2 prefs to clarify things

Prior to this patch, a single pref (MaxItemsForBatch) was used to
restrict the use of the batch item modification and deletion.

On the batch modification tool, the pref is used to limit the number of
items a librarian is allowed to modify in a batch, but on the batch
deletion tool the pref is used to limit the number of items to display.

To clarify things, this patch split the pref into 2 new prefs:
MaxItemsToDisplayForBatchDel and MaxItemsToProcessForBatchMod.

Later we could add a MaxItemsToProcessForBatchDel if needed.
Note that this patch should not introduce any changes in the current behaviors.

Test plan:
0/ Do not execute the update DB entry
1/ Set a value != 1000 for MaxItemsForBatch
2/ Execute the update DB entry and confirm that the 2 new prefs are
initially set with the value of MaxItemsForBatch and that
MaxItemsForBatch has been deleted
3/ Set different values for these 2 prefs (2 and 3 for instance to ease
the next steps)
4/ Try to delete less than MaxItemsToDisplayForBatchDel items
=> You must see the items details
5/ Try to delete more than MaxItemsToDisplayForBatchDel items
=> You must not see the items details but are allowed to delete them
6/ Try to modify less than MaxItemsToProcessForBatchMod items
=> You must see the items details
7/ Try to modify more than MaxItemsToProcessForBatchMod items
=> You must be restricted and not allowed to process

Signed-off-by: Laurence Rault <laurence.rault@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6b2c55ecdd7ad128c7ec923e70b13b1f287c7d00)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit bb5adfa7f959d80dd079b058ec67f0d3fc276d09)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 11490: Add prefs MaxItemsToProcessForBatchMod and MaxItemsToDisplayForBatchDel
Jonathan Druart [Wed, 11 May 2016 13:10:41 +0000 (14:10 +0100)]
Bug 11490: Add prefs MaxItemsToProcessForBatchMod and MaxItemsToDisplayForBatchDel

Signed-off-by: Laurence Rault <laurence.rault@biblibre.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 20f42350488ccd2795af3863ab1954d22b92eeae)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 3e37c9db1760137bfc8a575590125c7d1b6aefa4)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16975 : @INC should not have '.' as its last entry
Chris Cormack [Mon, 25 Jul 2016 20:57:50 +0000 (08:57 +1200)]
Bug 16975 : @INC should not have '.' as its last entry

To Test
1/ Try using a plugin
2/ Apply patch
3/ Test plugin still works

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 28eae42d2d09c14d0bb1bd3e1655714b33711ab3)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 1cf1c89f304fd2d84a1264041e8834444d1c8bf3)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16878: Fix XSS in opac-memberentry
Jonathan Druart [Fri, 22 Jul 2016 07:30:54 +0000 (08:30 +0100)]
Bug 16878: Fix XSS in opac-memberentry

The vars are gotten from the url and sent to the template as it. They
must be escaped.

Test plan:
I have not managed to create the original issue, so there is no test
plan for the XSS fix, but you can confirm there is no regression.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 9bdea2e3691fd62e777cc974f89b867a69eec9a8)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit b505c6b7d636f262eadef82984b83b5194438724)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16988 - Suspending a hold with AutoResumeSuspendedHolds disabled results in error
Kyle M Hall [Wed, 27 Jul 2016 18:00:53 +0000 (18:00 +0000)]
Bug 16988 - Suspending a hold with AutoResumeSuspendedHolds disabled results in error

iUnless AutoResumeSuspendedHolds is enabled, attempting to suspend a
hold from reserve/request.pl results in the following error:

The given date (undefined) does not match the date format (us) at
/home/vagrant/kohaclone/Koha/DateUtils.pm line 152.

Test Plan:
1) Enable SuspendHoldsIntranet
2) Disable AutoResumeSuspendedHolds
3) Attempt to suspend or unsuspend a hold
4) Note the error
5) Apply this patch
6) Repeat step 3
7) The hold should suspend or resume correctly

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Megan Wianecki <mwianecki@mtpl.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 91bc9451d0378d65100c828776b09395e4c88199)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 3810c29f61ebcd815066f1be2abc08cbb2bdc0aa)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17022: Fix XSS in circ/branchtransfers.pl
Jonathan Druart [Tue, 2 Aug 2016 13:00:02 +0000 (14:00 +0100)]
Bug 17022: Fix XSS in circ/branchtransfers.pl

Test plan:
Enter the following in the barcode input:
    <script>alert('XSS')</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit c63d0b311b5e7ba882d19b9b8a71838256de98cf)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 46322ffc6e683d0583283e7485548d46c9586019)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17024: Fix XSS in tools/viewlog.pl
Jonathan Druart [Tue, 2 Aug 2016 13:32:46 +0000 (14:32 +0100)]
Bug 17024: Fix XSS in tools/viewlog.pl

Test plan:
    Hit /tools/viewlog.pl?do_it=1&modules=CATALOGUING&action=MODIFY&object=<script>alert("XSS")</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit f563ba795e4863328ff4930e7877caae9458206c)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 24664b719f9d09210f30d7f96fc025e08da8124e)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17026: Fix XSS in serials/checkexpiration.pl
Jonathan Druart [Tue, 2 Aug 2016 13:51:49 +0000 (14:51 +0100)]
Bug 17026: Fix XSS in serials/checkexpiration.pl

Test plan:
Hit:
 /serials/checkexpiration.pl?title="><script>alert("XSS")</script>&date=12/02/2002
 /serials/checkexpiration.pl?issn="><script>alert("XSS")</script>&date=12/02/2002

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 9d00353a92487dcde654d88206fd5458448fff1b)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit ec78a0d43fe8032d9eeb9272878129085c3c429f)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 17028: Fix XSS in reserve/request.pl
Jonathan Druart [Tue, 2 Aug 2016 14:41:49 +0000 (15:41 +0100)]
Bug 17028: Fix XSS in reserve/request.pl

Test plan:
Hit
  /cgi-bin/koha/reserve/request.pl?biblionumber=1"><script type="text/javascript">alert("XSS")</script>

=> Without this patch you will see the alert
=> With this patch, no more alert

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 66f81fc2101f194d39592bc28f3e2ff69764bc00)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 542c0dbbaa8bff5a101058e0e2397e21edf8f192)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 15397 - Pay selected does not works as expected
Kyle M Hall [Thu, 19 May 2016 13:28:02 +0000 (13:28 +0000)]
Bug 15397 - Pay selected does not works as expected

When patron has more fees (account lines) and you wan't to pay just some
of them, you select wanted lines a click on "pay selected" button. But
the fine isn't paid, the "amountoutstandig" is not modified, but it is
added new line with "pay" code an with amountoutstanding below zero.
Paying one or all fine works as expected. Paying selected worked some
time ago, but I don't know when it stopped working, we realize it after
upgrade to 3.22.

Test Plan:
1) Apply this patch
2) Pay fines using "Pay selected"
3) Note the payment and the fees outstanding balances are reduced!

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 537adde2d2f65ed9bb9a03a127b9906930d46353)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit c0e2610bda62b3890fd5416124bc9c1157c23d4d)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16573: Update DB rev (3.22.09.002)
Frédéric Demians [Mon, 1 Aug 2016 09:54:30 +0000 (09:54 +0000)]
Bug 16573: Update DB rev (3.22.09.002)

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16573: Define virtualshelves.created_on as datetime for existing installs
Jonathan Druart [Fri, 22 Jul 2016 08:51:00 +0000 (09:51 +0100)]
Bug 16573: Define virtualshelves.created_on as datetime for existing installs

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 44785935bd45291a2ae36a5c9ab65b1e6cf69c5b)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit d2b20b2a82ef73423ec6571967173083ba333501)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16573: change created_on type - atomic update
Bernardo Gonzalez Kriegel [Tue, 24 May 2016 21:12:11 +0000 (18:12 -0300)]
Bug 16573: change created_on type - atomic update

This patch change 'created_on' virtualshelves column to
datetime type

To test:
1) Apply the patch
2) Run updatedatabase.pl
3) Verify type of 'created_on' column

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 162b9015d9bfb23200d1bddff69be9384a33463b)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit ce68d9b7fd14f9959f18039b63ad3e7bea44213e)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16573: fix structure and sample data for MySQL 5.7
Bernardo Gonzalez Kriegel [Mon, 23 May 2016 20:06:01 +0000 (17:06 -0300)]
Bug 16573: fix structure and sample data for MySQL 5.7

Web install on Ubuntu 16.04/Mysql 5.7 fails.

This patch makes small changes to make installation
possible to kohastructure.sql and some sample files.

Sample values for quotes table can't have '0000-00-00 ...' values
nor NULL values, now() is perhaps an option.

Depends on Bug 16572

To test:
1) System with MySQL 5.7, for example Ubuntu 16.05
2) Apply 16572
3) Try web install, it fails
4) Apply this and next patch
5) Try again, now it succeed

This is only for English install, i18n files needs revision
I can do that if this is accepted.

Perphaps a change is needed to updatedatabase.pl

Ammended patch, 'created_on' field on virtualshelves
can't be timestamp default null, mysql 5.5 complains
that only one timestamp column can be defined as
default not null. Changed to 'datetime' type.

Can provide followup with updatedabase change,
but need an opinion if this type change makes sense.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 36b2b288a7b8a39530f0a1ba7a00396206640533)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 8955b1b7c56ebbcf350a57e3a794597e0ac2d70c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16573: fix linkid value on marc_subfield_structure
Bernardo Gonzalez Kriegel [Mon, 23 May 2016 19:58:03 +0000 (16:58 -0300)]
Bug 16573: fix linkid value on marc_subfield_structure

followup to previous patch.

This patch fixes linkid value. It was set to '', but
declared as tinyint.
Mysql < 5.7 replaced this with nearest right value, i.e 0
Mysql 5.7 gives error here.

Also some normalization, all lines with data begins with two tabs

To test:
On top of Bug 16572 and previous patch

1) Run webinstaller
2) Add mandatory values
3) There must be no problems on MySQL 5.7

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d00d46112df2dc1c3f823fbc2a8c347deb69cdb7)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 58bd47a462a008f2e5cb9cfa221ee5b0a0bd5826)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16934: Add test for ModOrder
Jonathan Druart [Thu, 21 Jul 2016 17:23:00 +0000 (18:23 +0100)]
Bug 16934: Add test for ModOrder

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7adb8861aa352afdfd300bc50d03af450e26468f)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 043c8f105b12a0bc52c14048b387c3b4b4b16d96)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16934 - Cannot add notes to canceled and deleted order line
Kyle M Hall [Mon, 18 Jul 2016 11:02:14 +0000 (11:02 +0000)]
Bug 16934 - Cannot add notes to canceled and deleted order line

Some librarians would like to be able to add notes to deleted order
lines to keep track of data such as what title the order line was for.
For some reason ModOrder dies if a biblionumber is passed in, even
though it does not use biblionumber and does not need it to exist in any
fashion! This limitation should be removed.

Test Plan:
1) Create a basket with an orderline
2) Cancel the order / delete the record
3) Click the "Add internal note" link for that order line
4) Fill in a note and click "Save"
5) Note the error
6) Apply this patch
7) Repeat steps 3-4
8) Note this time the note is saved!

Signed-off-by: Claire Gravely <c.gravely@arts.ac.uk>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7cc6f6eb45333e1f2041e53dcfdc31532880bd9f)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 43f7f6b0bddc3423220c7522569bce4f6f6d94fc)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16958: Fix XSS in opac-imageviewer.pl
Jonathan Druart [Fri, 22 Jul 2016 07:14:27 +0000 (08:14 +0100)]
Bug 16958: Fix XSS in opac-imageviewer.pl

Test plan:
Trigger
/opac-imageviewer.pl?biblionumber=14&imagenumber=7"><sCrIpT>alert(42)<%2fsCrIpT>

=> Without this patch you will see the JS alert
=> With this patch applied you won't see it

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 65918b146cd88f38a9d894be8175d049ea70d05f)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit a3e2ea765f2e34f397fa9e1236dbc4e837311f88)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
5 years agoBug 16716: Replaced wrong GROUP BY with DISTINCT
Srdjan [Mon, 13 Jun 2016 03:35:56 +0000 (15:35 +1200)]
Bug 16716: Replaced wrong GROUP BY with DISTINCT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 52ac9a1ca3990102c3c635e3d9af06aae29f73e1)
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
(cherry picked from commit 16b97e21d0ed13e5f38987c64db55ae15d944dc3)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>