[Koha-bugs] [Bug 35072] New: Invalid usage of "& " in JavaScript intranet-tmpl script redirects
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Tue Oct 17 09:36:59 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35072
Bug ID: 35072
Summary: Invalid usage of "&" in JavaScript intranet-tmpl
script redirects
Change sponsored?: ---
Product: Koha
Version: 23.05
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Templates
Assignee: oleonard at myacpl.org
Reporter: schodkowy.omegi-0r at icloud.com
QA Contact: testopia at bugs.koha-community.org
There are several files under `koha-tmpl/intranet-tmpl/prog/js/**.js`, where
`&` character in the URLs is incorrectly replaced with `&`.
In practice, `&` should only ever be used a part of HTML elements, for
example inside of <a href=""> link. Using it in JS redirects such as
`window.location="addbiblio.pl?op=delete&biblionumber=` is incorrect!
The `&` part is preserved like this by both the web browser and the web
server.
This creates several bugs, such as the one I've encountered and managed to
trace back to this very issue. For example this makes you unable to delete a
biblio record in admin interface AT ALL. To reproduce just install a fresh Koha
installation, import a record and try to delete it. It would redirect you to
the search.pl page, but nothing would happen.
I traced the above to this:
https://github.com/Koha-Community/Koha/blob/f27ed123be8ac1f0ecd76cd54ed9c2a8e591aefe/koha-tmpl/intranet-tmpl/prog/js/catalog.js#L55
Which causes the variable `$biblionumber` to be null here:
https://github.com/Koha-Community/Koha/blob/f27ed123be8ac1f0ecd76cd54ed9c2a8e591aefe/cataloguing/addbiblio.pl#L488
Which causes the `$frameworkcode` variable to be unpopulated here:
https://github.com/Koha-Community/Koha/blob/f27ed123be8ac1f0ecd76cd54ed9c2a8e591aefe/cataloguing/addbiblio.pl#L510-L511
Which causes the following warnings:
```
[2023/10/17 09:04:43] [WARN] Use of uninitialized value $frameworkcode in
string eq at /usr/share/koha/intranet/cgi-bin/cataloguing/addbiblio.pl line
513.
[2023/10/17 09:04:43] [WARN] Use of uninitialized value $frameworkcode in
string eq at /usr/share/koha/intranet/cgi-bin/cataloguing/addbiblio.pl line
517.
[2023/10/17 09:04:43] [WARN] Use of uninitialized value $frameworkcode in
string eq at /usr/share/koha/intranet/cgi-bin/cataloguing/addbiblio.pl line
536.
```
I did a quick search, and found out that these files need to be corrected:
* koha-tmpl/intranet-tmpl/prog/js/catalog.js
* koha-tmpl/intranet-tmpl/prog/js/members-menu.js
* koha-tmpl/intranet-tmpl/prog/js/holds.js
* koha-tmpl/intranet-tmpl/prog/js/cart.js
* koha-tmpl/intranet-tmpl/prog/js/ill-list-table.js
* koha-tmpl/intranet-tmpl/prog/js/pages/results.js
I ended up submitting it as bug, as it will probably be much faster to get
submitted and approved by someone who already has a dev workflow set up to
contribute the patch...
Not sure if the severity I used is okay, but this prevents many features in the
UI from working properly at all, so I think it is pretty important to fix this
quickly. The random bugs/partial breakage this can cause can make
hard-to-notice and hard-to-trace problems appear...
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list