From gitmaster at git.koha-community.org Mon Oct 1 18:43:40 2018 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 01 Oct 2018 16:43:40 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v18.05.00-882-gccc4097 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via ccc40975e3cda7966b67be297dd16891aa8dc314 (commit) via c80074077dc7d1ff2652cf810160497e05ec426f (commit) via 903cf19f9ca5cc9a8effa776efd51321681dc583 (commit) via 28a1a90b3dace9207fd26a753ab222ba298bcb99 (commit) via c90fa4182e6fb78c2c09958d9671c2b61943412f (commit) via a33826454bf01d7de1e5b5a57467cef14f96d419 (commit) via 441af54fc629e40157d050aa027c601c10e3f67d (commit) via 1dcb6f28ee91fe7661b546150279c7388286ff2f (commit) via fc3bc961095280ba60db72b466762339f9d05905 (commit) via 34058bb6d0497079e7957933b364e76ad88ba765 (commit) via 82ec758f18ba5b2600c065245fb68a3f177dcba8 (commit) via fa8cda129ef5c71042334083ee13aecb56ed7ab6 (commit) via 48c0e8952a46a5a3eef6cae138c88b1ae22b0986 (commit) via 7ff2b8d5e22e5333f51426c481bbfe83ae1ddc47 (commit) via 8cb8223e12d5e311e59813c1ba03835c0b50670e (commit) via eb4be268d8d66ae0b7ca803ecf270a688fc6aea1 (commit) via 7825ff69c2acd2a390b18402e2813fdd9d0b4774 (commit) via 2f1cba8b31063ea81862abd37aae009072b1fb15 (commit) via 311b9dccbc60f05421416f402627b78e5efb5542 (commit) via 36a52382227aecca98f8b57314d4374a60a99227 (commit) via f0988e414edfde2d7155eedb532b32d43c32109f (commit) via c9b0570864ae7e1a510f918e931d8de85d8309a3 (commit) via 4c7246d6768178b558678e2bdf7c5174508532c6 (commit) via 1814ae1769ead4d16e0fe26e871483339f2715cb (commit) via edb627bcf275c037879622ec07d807d2186c98e0 (commit) via 8b1bda9ed8507745b4002199d9aae95c2cbb31fb (commit) via a002d12888c1e56910a32f28514a59d9a1d9363d (commit) via 448dd50cf59b96e5abbb84f7717ca43f593c05e5 (commit) via d68d8f4f3672256fbd233310d1d4aa5857c28a8c (commit) via d98ee2ad8bafebd877ccb85180f37e0b54d79e4c (commit) via 7d56a5fe00c3804d6f0a7709fd6deef1a6bcf9e3 (commit) via 3ad96419a760c4519e38d685b906f013e9932fee (commit) via 54e2f2b5b282c6e4a5c2f04107b274fa075b862d (commit) via 4bf594c9de4e06d79413459f2146a2d1e448fb11 (commit) via cee35f3a7881d6cde4184ac4045e1c221eb03108 (commit) via 142230bdde0b67bfdc7c6bd4ec0c2f224c9ebacd (commit) via 0aa69ea795a7e19b19e9124ff99a6be19e77e5dc (commit) via 9df099dc114d0101ef1091c30662a537e53e9826 (commit) via 0862f7776942ebf64615d57f94982586d00c34ee (commit) via 4fe0b3501851a6f5a05645ca76ce9d4287667cc5 (commit) via 0bd485947f7554657e61f050cd5204ebb40d04c0 (commit) via 2c57361533f21218d326832ca0a2134b358d31b7 (commit) via 658638a48f20128ebe8cabae92c33af2a50abb16 (commit) via d1d5c48deb58085b4d4b49997675bab35d5ff44b (commit) via d37da4d24fc07c5caf04960238a77c81fb95eabc (commit) via f6e86dc0cab2bcd4e8477f639fd600d27d387180 (commit) via e81756b317da848a6e6346a7c0db8f3b986f7058 (commit) via 623f1db90ac8d0361a879813c66a4bccbf0ea23e (commit) via 5edd363a1f2e3b1ea34f3f2aa7ace86cbf467df8 (commit) via 77871b408c9a8e120f8415cc0b32683ee8f57e7d (commit) via 92a2d74c1c134674b9798981208b9ad5863a6b42 (commit) via 39f48130416132063dfb7b44bcb8bf2344f1b9ef (commit) via 6d75ae942a7f51cd5ea5191b625df20efadea297 (commit) via de40463a7fa2be0fe090ef64b2bfffe928607adc (commit) via f3c2eae74c69fea3dfc0e453a07f2b2461330c49 (commit) via fca5a1cb3dba5d6561eaf5f30dfd4d996a4042cc (commit) via 013c116d59b14681bff1c18c9225ea4e31627a28 (commit) via 4a5df8c5ae4b95d17ae2d93f3c35012a483cf836 (commit) from 705571a2b870fbb652ca210e32ee3e7ca050e75f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ccc40975e3cda7966b67be297dd16891aa8dc314 Author: Nick Clemens Date: Mon Oct 1 16:29:20 2018 +0000 Bug 17602: DBRev 18.06.00.034 Signed-off-by: Nick Clemens commit c80074077dc7d1ff2652cf810160497e05ec426f Author: Nick Clemens Date: Mon Oct 1 16:10:06 2018 +0000 Bug 17602: Compiled CSS Signed-off-by: Nick Clemens commit 903cf19f9ca5cc9a8effa776efd51321681dc583 Author: Nick Clemens Date: Mon Oct 1 14:24:27 2018 +0000 Bug 17602: (RM follow-up) QA tool issues Signed-off-by: Nick Clemens commit 28a1a90b3dace9207fd26a753ab222ba298bcb99 Author: Nick Clemens Date: Fri Sep 21 19:00:28 2018 +0000 Bug 17602: Move spinner location to include file Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit c90fa4182e6fb78c2c09958d9671c2b61943412f Author: Nick Clemens Date: Wed Sep 12 21:10:13 2018 +0000 Bug 17602: (QA follow-up) Fix tests Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit a33826454bf01d7de1e5b5a57467cef14f96d419 Author: Jonathan Druart Date: Tue Jun 19 15:04:03 2018 -0300 Bug 17602: Use Asset TT plugin and fix indentation Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 441af54fc629e40157d050aa027c601c10e3f67d Author: Nick Clemens Date: Thu Apr 5 16:49:58 2018 +0000 Bug 17602: (follow-up) Adjust js paths to use version add spinner Also included recompiled version of opac.css that we forgot. Signed-off-by: Srdjan Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 1dcb6f28ee91fe7661b546150279c7388286ff2f Author: Srdjan Date: Mon Nov 27 17:38:58 2017 +1300 Bug 17602: Removed unused param to RecordedBooks API Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit fc3bc961095280ba60db72b466762339f9d05905 Author: Srdjan Date: Mon Nov 27 17:38:02 2017 +1300 Bug 17602: fix RecordedBooks results pagination Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 34058bb6d0497079e7957933b364e76ad88ba765 Author: Srdjan Date: Mon Nov 13 14:25:33 2017 +1300 Bug 17602: Translations rework Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 82ec758f18ba5b2600c065245fb68a3f177dcba8 Author: Jonathan Druart Date: Wed Nov 8 10:18:53 2017 -0300 Bug 17602: Fix few minor QA issues Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit fa8cda129ef5c71042334083ee13aecb56ed7ab6 Author: Jonathan Druart Date: Wed Nov 8 10:13:35 2017 -0300 Bug 17602: Adapt test plan to make the tests pass Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 48c0e8952a46a5a3eef6cae138c88b1ae22b0986 Author: Jonathan Druart Date: Wed Nov 8 10:06:49 2017 -0300 Bug 17602: Handle '60+' if there are more than 60 results The service returns "60+" if there are more than 60 results. Without this patch the "Found %s results in RecordedBooks collection" line is removed. Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 7ff2b8d5e22e5333f51426c481bbfe83ae1ddc47 Author: Jonathan Druart Date: Wed Nov 8 10:06:30 2017 -0300 Bug 17602: Ease translation Use String.format() to make translation easier Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 8cb8223e12d5e311e59813c1ba03835c0b50670e Author: Srdjan Date: Tue Oct 10 14:26:22 2017 +1300 Bug 17602: (follow-up) t/Koha_ExternalContent_RecordedBooks.t Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit eb4be268d8d66ae0b7ca803ecf270a688fc6aea1 Author: Srdjan Date: Fri Sep 23 18:13:10 2016 +1200 Bug 17602: OPAC integration of RecordedBooks Add RecordedBooks to the users page in the public interface To Test: 1/ Apply all 3 patches 2/ Set the sysprefs to valid values (you will need a test account with RecordedBooks) 3/ Try a search 4/ Login to the OPAC, try to place a hold, or check an item out 5/ Check the opac-user page, see if your items are showing on the oneclickdigital tab Signed-off-by: Nick Clemens Signed-off-by: Tomas Cohen Arazi Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 7825ff69c2acd2a390b18402e2813fdd9d0b4774 Author: Srdjan Date: Fri Sep 23 18:08:30 2016 +1200 Bug 17602: RecordedBooks Integration to Koha This patch introduces the required sysprefs and Koha::ExternalContent::RecordedBooks Koha::ExternalContent::RecordedBooks - a wrapper around WebService::ILS::RecordedBooks::PartnerPatron RecordedBooks* sysprefs Nothing functional to test with this patch yet. But you can run the tests that come with it t/db_dependent/Koha_ExternalContent_RecordedBooks.t Signed-off-by: Nick Clemens Signed-off-by: Tomas Cohen Arazi Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 2f1cba8b31063ea81862abd37aae009072b1fb15 Author: Srdjan Date: Tue Apr 18 14:33:38 2017 +1200 Bug 17602: Koha::ExternalContent->koha_patron() will retutn undef rather than die if user not logged in Signed-off-by: Nick Clemens Signed-off-by: Tomas Cohen Arazi Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 311b9dccbc60f05421416f402627b78e5efb5542 Author: Owen Leonard Date: Wed May 2 18:37:11 2018 +0000 Bug 21437: Update two-column templates with Bootstrap grid: Patron lists This patch modifies the patron lists templates to use the Bootstrap grid instead of YUI. This patch also removes obsolete "text/javascript" attributes from ' %] [% x | $Price %] => Display '0.00' Signed-off-by: Kyle M Hall Signed-off-by: Nick Clemens commit d98ee2ad8bafebd877ccb85180f37e0b54d79e4c Author: Jonathan Druart Date: Sat Sep 29 13:09:59 2018 -0300 Bug 21454: Update the tests Signed-off-by: Kyle M Hall Signed-off-by: Nick Clemens commit 7d56a5fe00c3804d6f0a7709fd6deef1a6bcf9e3 Author: Jonathan Druart Date: Fri Sep 21 12:33:19 2018 -0300 Bug 21393: Add line nubmers to ease fixing Signed-off-by: Josef Moravec Signed-off-by: Katrin Fischer Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit 3ad96419a760c4519e38d685b906f013e9932fee Author: Jonathan Druart Date: Fri Sep 21 12:03:05 2018 -0300 Bug 21393: Add tests Signed-off-by: Josef Moravec Signed-off-by: Katrin Fischer Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit 54e2f2b5b282c6e4a5c2f04107b274fa075b862d Author: Jonathan Druart Date: Fri Sep 21 10:26:03 2018 -0300 Bug 21393: Move missing filters code to a module To make it reusable easily from QA test tools https://gitlab.com/koha-community/qa-test-tools/issues/3 Signed-off-by: Josef Moravec Signed-off-by: Katrin Fischer Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit 4bf594c9de4e06d79413459f2146a2d1e448fb11 Author: Nick Clemens Date: Mon Oct 1 12:57:47 2018 +0000 Bug 12027: (follow-up) Add missing filter Signed-off-by: Nick Clemens commit cee35f3a7881d6cde4184ac4045e1c221eb03108 Author: Julian Maurice Date: Wed Sep 26 16:18:25 2018 +0200 Bug 12027: (QA follow-up) Fix spelling and tab characters Signed-off-by: Julian Maurice Signed-off-by: Nick Clemens commit 142230bdde0b67bfdc7c6bd4ec0c2f224c9ebacd Author: Martin Renvoize Date: Fri Apr 28 15:23:18 2017 +0100 Bug 12027: (QA follow-up) Update tests Signed-off-by: Julian Maurice Signed-off-by: Nick Clemens commit 0aa69ea795a7e19b19e9124ff99a6be19e77e5dc Author: Martin Renvoize Date: Tue Jan 27 13:34:14 2015 +0000 Bug 12027: (follow-up) Added missing documentation Signed-off-by: Nick Clemens Signed-off-by: Julian Maurice Signed-off-by: Nick Clemens commit 9df099dc114d0101ef1091c30662a537e53e9826 Author: Martin Renvoize Date: Thu Jul 31 06:21:55 2014 +0000 Bug 12027: Added shibboleth authentication to the staff client - This patch adds shibboleth authentication to the staff client. - Depending upon how your url structure works, you may or may not need a second native shibboleth service provider profile configured for this to work. Signed-off-by: Nick Clemens Signed-off-by: Julian Maurice Signed-off-by: Nick Clemens commit 0862f7776942ebf64615d57f94982586d00c34ee Author: Jonathan Druart Date: Wed Sep 19 19:54:35 2018 -0300 Bug 17877: Add the order's notes to the table This patch adds the vendor and internal note from the acquisition order to the subscription detail page Test plan: - Create an order from a subscription, fill the internal and vendor notes - Go to the subscription's detail page - Confirm that the columns are displayed in the "Acquisition details" table and contain the correct values - Make sure the "Home ? Administration ? Columns settings" admin page let you hide them by default (for those who will not need them). Signed-off-by: S?verine QUEUNE Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit 4fe0b3501851a6f5a05645ca76ce9d4287667cc5 Author: Jonathan Druart Date: Wed Sep 19 19:45:12 2018 -0300 Bug 17877: Add columns settings to the orders table on subscription-detail Test plan: - Apply this patch and make sure to restart memcached (to re-read the yaml file that is cached) - Go to Home ? Administration ? Columns settings - Confirm that a new "Serials" tab contain the different columns of the "Acquisition details" table displayed on the subscription detail page (if an order exist for this subscription) - Play with it - Go to Home ? Serials ? Details for subscription #ID - Confirm that the "Column visibility" button is now displayed on top of the table that it works correctly. Signed-off-by: S?verine QUEUNE Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit 0bd485947f7554657e61f050cd5204ebb40d04c0 Author: Kyle M Hall Date: Wed Sep 12 09:38:42 2018 -0700 Bug 21340: Add spans with classes around callnumbers in OPAC for additional styling It would be nice if the callnumber portion of the callnumber + label was in a span, and it also makes sense to wrap the entire callnumber string in a span as well. Signed-off-by: Petter Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit 2c57361533f21218d326832ca0a2134b358d31b7 Author: Jonathan Druart Date: Sat Jul 28 12:42:31 2018 -0300 Bug 21166: Add column settings to the acquisition table on bib detail Sponsored-by: BULAC - http://www.bulac.fr/ Signed-off-by: S?verine QUEUNE Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit 658638a48f20128ebe8cabae92c33af2a50abb16 Author: Nick Clemens Date: Mon Oct 1 12:04:23 2018 +0000 Bug 12747: DBRev 18.06.00.033 Signed-off-by: Nick Clemens commit d1d5c48deb58085b4d4b49997675bab35d5ff44b Author: Katrin Fischer Date: Mon Sep 24 20:55:39 2018 +0000 Bug 12747: (QA follow-up) Rephrase system preference description Just a suggestion for a little change to the pref description. Signed-off-by: Nick Clemens commit d37da4d24fc07c5caf04960238a77c81fb95eabc Author: Charles Farmer Date: Wed Aug 29 11:43:49 2018 -0400 Bug 12747: (QA follow-up) Treat 010 according to marcflavour Signed-off-by: S?verine QUEUNE Signed-off-by: S?verine QUEUNE Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit f6e86dc0cab2bcd4e8477f639fd600d27d387180 Author: David Bourgault Date: Fri May 4 15:38:11 2018 -0400 Bug 12747: Add extra column in Z3950 search This patch makes it possible to add an extra column to Z3950 search results. The system preference AdditionalFieldsInZ3950ResultSearch decides which MARC field/subfields are displayed in the column. Testing: I Apply the patch II Run updatedatabase.pl ACQUISITIONS 0) Enter a field/subfield in the AdditionalFieldsInZ3950ResultSearch 1) Create a new basket or use an existing one 2) In -Add order to basket-, click "From an external source" 3) Select some search targets and enter a subject heading ex. house 4) Click Search bouton 5) Validate "Additional fields" column with the field/subfield value. CATALOGUING 0) Shares same syspref as above 1) Go to cataloguing, click New from z3950 2) Fill to result in a successful search 3) Validate column Addition Fields prove t/db_dependent/Breeding.t Sponsored-by: CCSR (https://ccsr.qc.ca) Signed-off-by: Katrin Fischer Signed-off-by: S?verine QUEUNE Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit e81756b317da848a6e6346a7c0db8f3b986f7058 Author: Colin Campbell Date: Thu Sep 27 12:25:28 2018 +0100 Bug 21425: Display basketno correctly in Order error msg carp will display the hash value instead of the desired basketno in the error message unless we change its behaviour Use the simpler but effective option of concatenating the errormessage with the basketno. Error is shown if no sender or receipient ean is passed in instantiating an Koha::Edifact::Order object Signed-off-by: Kyle M Hall Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 623f1db90ac8d0361a879813c66a4bccbf0ea23e Author: Mark Tompsett Date: Wed Sep 26 22:57:32 2018 +0000 Bug 13272: (follow-up) add missing type="text" This addresses comment #13. This also applies cleanly. Signed-off-by: Owen Leonard Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 5edd363a1f2e3b1ea34f3f2aa7ace86cbf467df8 Author: Mark Tompsett Date: Wed Sep 19 18:49:02 2018 +0000 Bug 13272: (follow-up) Replace tabs with spaces Cleaned up whitespace issues tab vs. space in template. After applying all patches: git diff -w origin/master For the koha-tmpl/intranet-tmpl/prog/en/modules/circ/returns.tt only the changed type="text" lines will show, but without the -w, there will be more whitespace changes. Signed-off-by: Owen Leonard Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 77871b408c9a8e120f8415cc0b32683ee8f57e7d Author: Mark Tompsett Date: Wed Sep 19 16:48:13 2018 +0000 Bug 13272: (follow-up) fix concerns from comment #5 Correct the two issues I pointed out. Signed-off-by: Owen Leonard Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 92a2d74c1c134674b9798981208b9ad5863a6b42 Author: Christopher Brannon Date: Sun Sep 16 22:06:10 2018 +0000 Bug 13272: Adds type="text" to inputs missing it Signed-off-by: Owen Leonard Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 39f48130416132063dfb7b44bcb8bf2344f1b9ef Author: Josef Moravec Date: Tue Sep 25 07:04:03 2018 +0000 Bug 21404: Refactor _build_query subroutines Test plan: 1) Apply the patch 2) prove t/db_dependent/Breeding.t 3) Try to search using Z39.50, both, authority and biblio should still work Signed-off-by: Owen Leonard Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit 6d75ae942a7f51cd5ea5191b625df20efadea297 Author: Josef Moravec Date: Tue Sep 25 06:33:02 2018 +0000 Bug 21404: Update test Signed-off-by: Owen Leonard Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit de40463a7fa2be0fe090ef64b2bfffe928607adc Author: Josef Moravec Date: Tue Sep 25 06:04:30 2018 +0000 Bug 21404: Remove unused variables in C4::Breeding->_auth_build_query Signed-off-by: Owen Leonard Signed-off-by: Katrin Fischer Signed-off-by: Nick Clemens commit f3c2eae74c69fea3dfc0e453a07f2b2461330c49 Author: Josef Moravec Date: Thu Sep 6 09:46:35 2018 +0000 Bug 21318: Add control number as an option to search authority using Z39.50 1) Apply the patch 2) Go to administration and set up a z39.50 authority server, which does support searching by control number (use attribute 12), you can use czech national library server: host: aleph.nkp.cz port: 9991 base: aut-utf format: MARC21 encoding: UTF-8 3) Try to find an authority by control number using z39.50 - if you use the server recomended in point 2) there is web access to the base at http://aleph.nkp.cz/eng/aut Signed-off-by: Michal Denar Signed-off-by: Katrin Fischer Fixed a typo in a code comment and a whitespace issue in the template. Signed-off-by: Nick Clemens commit fca5a1cb3dba5d6561eaf5f30dfd4d996a4042cc Author: Andrew Isherwood Date: Thu Aug 30 10:52:43 2018 +0100 Bug 21289: Fix "isa" bug during partner request We cannot call 'handle_commit_maybe' inside a 'try' block. handle_commit_maybe redirects the client then calls 'exit', this is interpreted as an error and the 'catch' block is erroneously called. This patch moves the calling of 'handle_commit_maybe' outside the try block, it will only be reached if everything inside the try block suceeds. To test: 1) Enable ILL and have the FreeForm backend available 2) Create a patron category to hold ILL "partners" to whom requests can be sent. The category can be called anything, you should note the code you assign 3) Create a patron that belongs to your new category, the patron must have a primary email defined. 4) In your block in koha-conf.xml, ensure you have a element, it should contain the code you assigned in step 2 5) Create an ILL request using the FreeForm backend 6) Once the request is created, select the "Place request with partners" button 7) Select your "partner" from the "Select partner libraries" box 8) Click "Send email" 9) TEST: Observe no errors are displayed in the UI Signed-off-by: Barry Cannon Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 013c116d59b14681bff1c18c9225ea4e31627a28 Author: Mark Tompsett Date: Tue Jun 7 22:48:57 2016 -0400 Bug 16690: Simplify SHOW GRANTS to work when connected If the DB is on a remote machine, the web server and the db server are different, but the SHOW GRANTS code in installer/install.pl is trying to use the SAME machine. And even if the permissions were allowed accessing from both the web and db servers, MySQL won't return the SHOW GRANTS without access to the mysql.user table. To install *.* permissions became easiest to get working. Unless the DB is set up with 'user'@'%', which is also a potential security issue. MySQL / MariaDB allow the current connected user to check their own grants with CURRENT_USER. There is no need for the installer to know the IP address of the webserver. This also removes the need to have permissions for 'koha_kohadev'@'%', because the only process to be accessing the koha DB is from a known host/ip. This tightens security too. TEST PLAN --------- Install 2 fresh VMs from a Debian ISO. Make sure they are on the same network (192.168.50.x) as the kohadevbox. You will need to remember one as DB_IPADDRESS. On the DB VM & Third VM: sudo apt-get install mariadb-server mariadb-client net-tools -- the third vm just needs to be able to run mysql to access the DB VM. On DB VM: sudo vi /etc/mysql/mariadb.conf.d/50-server.cnf -- make sure the bind-address line is commented out with a # sudo service mariadb restart -- congratulations, your DB server is listening to remote calls now. sudo mysql -u root CREATE DATABASE koha_kohadev; GRANT ALL PRIVILEGES ON `koha_kohadev`.* TO 'koha_kohadev'@'localhost' IDENTIFIED BY 'password'; FLUSH PRIVILEGES; -- now you have an empty DB ready to run a web install on. However, because only koha_kohadev from localhost is allowed, we expect failure when we try to run the web installation step when we get there. Let's confirm that everything is working as expected before trying. It will also demonstrate the reason why this patch is superior to the existing code. On a kohadevbox: mysql -u koha_kohadev -h DB_IPADDRESS -p -- this should be denied On DB VM: DROP USER 'koha_kohadev'@'localhost'; GRANT ALL PRIVILEGES ON `koha_kohadev`.* TO 'koha_kohadev'@'%' IDENTIFIED BY 'password'; FLUSH PRIVILEGES; On a kohadevbox: mysql -u koha_kohadev -h DB_IPADDRESS -p -- this should give you a SQL prompt SHOW GRANTS FOR CURRENT_USER; -- this should show two lines based on 'koha_kohadev'@'%'; SHOW GRANTS FOR 'koha_kohadev'@'192.168.50.10'; -- this should give an access denied error. SHOW GRANTS FOR 'koha_kohadev'@'%'; -- this should show two lines based on 'koha_kohadev'@'%'; QUIT -- This case requires the unless code currently in place, because we aren't checking CURRENT_USER. On DB VM: DROP USER 'koha_kohadev'@'%'; GRANT ALL PRIVILEGES ON `koha_kohadev`.* TO 'koha_kohadev'@'192.168.50.10' IDENTIFIED BY 'password'; FLUSH PRIVILEGES; On a kohadevbox: mysql -u koha_kohadev -h DB_IPADDRESS -p -- this should give you a SQL prompt SHOW GRANTS FOR CURRENT_USER; -- this should show two lines based on 'koha_kohadev'@'%'; SHOW GRANTS FOR 'koha_kohadev'@'192.168.50.10'; -- this should show two lines based on 'koha_kohadev'@'192.168.50.10'; SHOW GRANTS FOR 'koha_kohadev'@'%'; -- this should give an access denied error. QUIT -- This case demonstrates that we have two failure points: 1) The GRANT command by the DB Admin and 2) The koha-conf.xml setting. This is why CURRENT_USER is superior: only (2) is the failure point. On DB VM: GRANT ALL PRIVILEGES ON `koha_kohadev`.* TO 'koha_kohadev'@'%' IDENTIFIED BY 'password'; FLUSH PRIVILEGES; SELECT host,user FROM mysql.user; -- Should see both koha_kohadev for 192.168.50.10 and %. On a kohadevbox: mysql -u koha_kohadev -h DB_IPADDRESS -p -- this should give you a SQL prompt SHOW GRANTS FOR CURRENT_USER; -- this should show two lines based on 'koha_kohadev'@'192.168.50.10'; SHOW GRANTS FOR 'koha_kohadev'@'192.168.50.10'; -- this should show two lines based on 'koha_kohadev'@'192.168.50.10'; SHOW GRANTS FOR 'koha_kohadev'@'%'; -- this should give an access denied error. QUIT -- This case doesn't need the unless. CURRENT_USER still just works. On an third VM on the same network: mysql -u koha_kohadev -h DB_IPADDRESS -p -- this should give you a SQL prompt SHOW GRANTS FOR CURRENT_USER; -- this should show two lines based on 'koha_kohadev'@'%'; SHOW GRANTS FOR 'koha_kohadev'@'192.168.50.10'; -- this should give an access denied error. SHOW GRANTS FOR 'koha_kohadev'@'%'; -- this should show two lines based on 'koha_kohadev'@'%'; QUIT -- This case demonstrates that it may be more open than a DB administrator would prefer. And notice, CURRENT_USER still just works. On DB VM: DROP USER 'koha_kohadev'@'192.168.50.10'; DROP USER 'koha_kohadev'@'%'; GRANT ALL PRIVILEGES ON *.* TO 'koha_kohadev'@'%' IDENTIFIED BY 'password'; FLUSH PRIVILEGES; -- This basically give koha_kohadev free reign to do pretty dangerous stuff. On an third VM on the same network: mysql -u koha_kohadev -h DB_IPADDRESS -p -- this should give you a SQL prompt SHOW GRANTS FOR CURRENT_USER; -- this should show a line based on 'koha_kohadev'@'%'; SHOW GRANTS FOR 'koha_kohadev'@'192.168.50.10'; -- this should give a no such grant error. SHOW GRANTS FOR 'koha_kohadev'@'%'; -- this should show two lines based on 'koha_kohadev'@'%'; QUIT -- This case demonstrates that it may be more open than a DB administrator would prefer. And notice, CURRENT_USER still just works. In the old code, both cases were literally checked. This tweak is an optimization which doesn't require setting permissions to the mysql.user table. Without it, the code says the user doesn't have permissions to check the show grants. This issue is not visible to the user, because both cases are checked. On DB VM: SELECT host,user FROM mysql.user; -- for each one do an appropriate DROP USER 'user'@'host'; GRANT ALL PRIVILEGES ON `koha_kohadev`.* TO 'koha_kohadev'@'192.168.50.10' IDENTIFIED BY 'password'; On kohadevbox: -- Make sure the /etc/koha/sites/kohadev/koha-conf.xml points to the DB VM. -- Make sure a web install runs correctly On third VM: -- Make sure unable to connect as koha_kohadev/password. Signed-off-by: Martin Renvoize Signed-off-by: Jonathan Druart I have not followed the whole test plan but trusting author and SO Changes make sense to me Signed-off-by: Nick Clemens commit 4a5df8c5ae4b95d17ae2d93f3c35012a483cf836 Author: Nick Clemens Date: Wed Sep 26 10:17:01 2018 +0000 Bug 13618: (follow-up) Pass opacuser_js from plugins as raw We expect this field to contain script tags, html processing breaks them Signed-off-by: Nick Clemens ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 6 +- C4/Auth_with_shibboleth.pm | 37 ++- C4/Breeding.pm | 103 ++++-- C4/Letters.pm | 9 +- Koha.pm | 2 +- Koha/Edifact/Order.pm | 8 +- Koha/ExternalContent.pm | 2 +- Koha/ExternalContent/OverDrive.pm | 11 +- Koha/ExternalContent/RecordedBooks.pm | 122 +++++++ acqui/ordered.pl | 3 + acqui/spent.pl | 5 +- admin/columns_settings.yml | 50 +++ cataloguing/z3950_auth_search.pl | 3 + ill/ill-requests.pl | 12 +- installer/data/mysql/sysprefs.sql | 4 + installer/data/mysql/updatedatabase.pl | 21 ++ installer/install.pl | 30 +- koha-tmpl/intranet-tmpl/lib/d3c3/c3.min.css | 1 + koha-tmpl/intranet-tmpl/lib/d3c3/c3.min.js | 6 + koha-tmpl/intranet-tmpl/lib/d3c3/d3.min.js | 5 + .../intranet-tmpl/prog/css/src/staff-global.scss | 4 + koha-tmpl/intranet-tmpl/prog/css/staff-global.css | 2 +- .../intranet-tmpl/prog/en/includes/adv-search.inc | 4 +- .../prog/en/includes/blocked-fines.inc | 2 +- .../prog/en/includes/borrower_debarments.inc | 2 +- .../intranet-tmpl/prog/en/includes/cat-search.inc | 5 +- .../prog/en/includes/cataloging-search.inc | 4 +- koha-tmpl/intranet-tmpl/prog/en/includes/chart.inc | 96 ++++++ .../prog/en/includes/checkin-search.inc | 2 +- .../intranet-tmpl/prog/en/includes/circ-search.inc | 4 +- .../intranet-tmpl/prog/en/includes/holds_table.inc | 2 +- .../intranet-tmpl/prog/en/includes/home-search.inc | 4 +- .../prog/en/includes/patron-search.inc | 4 +- .../prog/en/includes/reports-toolbar.inc | 7 + koha-tmpl/intranet-tmpl/prog/en/modules/about.tt | 6 + .../prog/en/modules/acqui/acqui-home.tt | 16 +- .../intranet-tmpl/prog/en/modules/acqui/basket.tt | 44 +-- .../prog/en/modules/acqui/basketgroup.tt | 4 +- .../prog/en/modules/acqui/csv/basketgroup.tt | 8 +- .../intranet-tmpl/prog/en/modules/acqui/invoice.tt | 34 +- .../intranet-tmpl/prog/en/modules/acqui/ordered.tt | 2 +- .../prog/en/modules/acqui/orderreceive.tt | 6 +- .../intranet-tmpl/prog/en/modules/acqui/parcel.tt | 24 +- .../intranet-tmpl/prog/en/modules/acqui/spent.tt | 2 +- .../prog/en/modules/acqui/z3950_search.tt | 20 +- .../prog/en/modules/admin/aqbudgetperiods.tt | 8 +- .../prog/en/modules/admin/aqbudgets.tt | 34 +- .../intranet-tmpl/prog/en/modules/admin/aqplan.tt | 4 +- .../prog/en/modules/admin/categories.tt | 8 +- .../prog/en/modules/admin/columns_settings.tt | 6 + .../prog/en/modules/admin/itemtypes.tt | 8 +- .../en/modules/admin/preferences/cataloguing.pref | 4 + .../admin/preferences/enhanced_content.pref | 12 + .../prog/en/modules/admin/smart-rules.tt | 6 +- koha-tmpl/intranet-tmpl/prog/en/modules/auth.tt | 8 + .../prog/en/modules/catalogue/detail.tt | 17 +- .../en/modules/cataloguing/z3950_auth_search.tt | 3 +- .../prog/en/modules/cataloguing/z3950_search.tt | 19 +- .../prog/en/modules/circ/branchtransfers.tt | 2 +- .../prog/en/modules/circ/circulation.tt | 8 +- .../en/modules/circ/circulation_batch_checkouts.tt | 4 +- .../intranet-tmpl/prog/en/modules/circ/offline.tt | 2 +- .../intranet-tmpl/prog/en/modules/circ/renew.tt | 2 +- .../intranet-tmpl/prog/en/modules/circ/returns.tt | 18 +- .../prog/en/modules/clubs/templates-add-modify.tt | 16 +- .../prog/en/modules/members/accountline-details.tt | 10 +- .../prog/en/modules/members/boraccount.tt | 8 +- .../prog/en/modules/members/deletemem.tt | 2 +- .../prog/en/modules/members/memberentrygen.tt | 2 +- .../prog/en/modules/members/moremember-print.tt | 6 +- .../intranet-tmpl/prog/en/modules/members/pay.tt | 10 +- .../prog/en/modules/members/paycollect.tt | 6 +- .../en/modules/members/tables/members_results.tt | 2 +- .../prog/en/modules/patron_lists/list.tt | 28 +- .../prog/en/modules/patron_lists/lists.tt | 25 +- .../prog/en/modules/reports/borrowers_stats.tt | 2 +- .../prog/en/modules/reports/cash_register_stats.tt | 4 +- .../en/modules/reports/guided_reports_start.tt | 148 +++++++++ .../prog/en/modules/reports/orders_by_budget.tt | 12 +- .../prog/en/modules/reserve/request.tt | 4 +- .../en/modules/serials/subscription-batchedit.tt | 2 +- .../prog/en/modules/serials/subscription-detail.tt | 15 +- .../prog/en/modules/suggestion/suggestion.tt | 4 +- .../prog/en/modules/tools/import_borrowers.tt | 4 +- koha-tmpl/intranet-tmpl/prog/js/charts.js | 163 ++++++++++ koha-tmpl/opac-tmpl/bootstrap/css/opac.css | 2 +- koha-tmpl/opac-tmpl/bootstrap/css/src/opac.scss | 1 + .../bootstrap/en/includes/opac-bottom.inc | 29 +- .../en/includes/recordedbooks-checkout.inc | 15 + .../opac-tmpl/bootstrap/en/modules/opac-account.tt | 6 +- .../opac-tmpl/bootstrap/en/modules/opac-basket.tt | 2 +- .../en/modules/opac-recordedbooks-search.tt | 170 ++++++++++ .../opac-tmpl/bootstrap/en/modules/opac-reserve.tt | 6 +- .../opac-tmpl/bootstrap/en/modules/opac-results.tt | 33 +- .../bootstrap/en/modules/opac-shareshelf.tt | 2 +- .../opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 4 +- .../opac-tmpl/bootstrap/en/modules/opac-user.tt | 44 ++- .../opac-tmpl/bootstrap/en/modules/sco/sco-main.tt | 2 +- .../bootstrap/en/xslt/MARC21slim2OPACResults.xsl | 24 +- koha-tmpl/opac-tmpl/bootstrap/js/recordedbooks.js | 334 ++++++++++++++++++++ ...se-reserves.pl => opac-recordedbooks-search.pl} | 20 +- opac/opac-search.pl | 9 +- opac/opac-user.pl | 1 + opac/svc/recordedbooks | 148 +++++++++ reports/borrowers_stats.pl | 11 - reports/guided_reports.pl | 7 + t/Auth_with_shibboleth.t | 63 +++- t/Koha_ExternalContent_RecordedBooks.t | 42 +++ t/db_dependent/Breeding.t | 60 +++- .../Koha_ExternalContent_RecordedBooks.t | 55 ++++ t/db_dependent/Letters.t | 96 +++++- .../lib/QA/TemplateFilters.pm | 117 ++++--- t/template_filters.t | 137 ++++++++ tools/letter.pl | 10 +- xt/find-missing-filters.t | 83 +---- 115 files changed, 2392 insertions(+), 535 deletions(-) create mode 100644 Koha/ExternalContent/RecordedBooks.pm create mode 100644 koha-tmpl/intranet-tmpl/lib/d3c3/c3.min.css create mode 100644 koha-tmpl/intranet-tmpl/lib/d3c3/c3.min.js create mode 100644 koha-tmpl/intranet-tmpl/lib/d3c3/d3.min.js create mode 100644 koha-tmpl/intranet-tmpl/prog/en/includes/chart.inc create mode 100644 koha-tmpl/intranet-tmpl/prog/js/charts.js create mode 100644 koha-tmpl/opac-tmpl/bootstrap/en/includes/recordedbooks-checkout.inc create mode 100644 koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-recordedbooks-search.tt create mode 100644 koha-tmpl/opac-tmpl/bootstrap/js/recordedbooks.js copy opac/{opac-course-reserves.pl => opac-recordedbooks-search.pl} (74%) create mode 100755 opac/svc/recordedbooks create mode 100755 t/Koha_ExternalContent_RecordedBooks.t mode change 100644 => 100755 t/db_dependent/Breeding.t create mode 100755 t/db_dependent/Koha_ExternalContent_RecordedBooks.t copy xt/find-missing-filters.t => t/lib/QA/TemplateFilters.pm (55%) mode change 100755 => 100644 create mode 100644 t/template_filters.t hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Oct 2 02:24:04 2018 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 02 Oct 2018 00:24:04 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v18.05.00-897-g051eef7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 051eef767ab3723a63e1bfff50864ab441e05f23 (commit) via 4859e49539e37f08689df3ba001739711f1332a4 (commit) via c6e44c9c6bb78bfb3edeacf877c5edb114aab558 (commit) via d1bf2238c49bad5471b467aae4a5f680639cee97 (commit) via 15670cd590e4a1efc01bb9bd1648162781486f5b (commit) via 8b1c37929509ea880eafdd0f0650f301d314b034 (commit) via 7858cae1bf5fbdfa07a2d03fee534d1613553146 (commit) via b3dee0daf29c4593aee2781307853845a6cd3735 (commit) via 5e6f4f1f4fb346351dcfc6c580888022641d4b6a (commit) via 3f20c8c65172c1a32e7d2b20ed2506199423f103 (commit) via 17db3ab05cb25d08f0790cff9eed5f0f75ca8107 (commit) via 08386cd3f05c5bc4dc6306e3a1d6c4878cce7c86 (commit) via 11885e75c04fa53cd88daae1ec0dc4a2a8ecd1f7 (commit) via fca98de0e8663c4e7049e55ac2cc2600c9b659a5 (commit) via b04df7d606afa7ec7a43c788dcfcd06e595ccabd (commit) from ccc40975e3cda7966b67be297dd16891aa8dc314 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 051eef767ab3723a63e1bfff50864ab441e05f23 Author: Nick Clemens Date: Tue Oct 2 00:09:12 2018 +0000 Bug 18639: (follow-up) Remove debugging code Signed-off-by: Nick Clemens commit 4859e49539e37f08689df3ba001739711f1332a4 Author: Nick Clemens Date: Tue Oct 2 00:05:22 2018 +0000 Bug 21403: DBRev 18.06.00.035 Signed-off-by: Nick Clemens commit c6e44c9c6bb78bfb3edeacf877c5edb114aab558 Author: Jonathan Druart Date: Mon Oct 1 12:14:17 2018 -0300 Bug 21403: Do not overwrite the options if modified locally Just in case... Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit d1bf2238c49bad5471b467aae4a5f680639cee97 Author: Owen Leonard Date: Tue Sep 25 13:16:09 2018 +0000 Bug 21403: Add Indian Amazon Affiliate option to AmazonLocale setting This patch adds an "IN" option to the AmazonLocale setting, allowing Indian libraries to use their Amazon Affiliate ID in Koha's links to Amazon. To test, apply the patch and run updatedatabase. - Go to Administration -> System preferences -> Enhanced content. - Enable the OPACAmazonCoverImages preference. - Enter a dummy ID in the AmazonAssocTag preference. - Confirm that you can select "Indian" for the AmazonLocale preference. - Select "Indian" and save. - Open a record in the OPAC and confirm that the cover image links to Amazon.in and includes the ID you entered in AmazonAssocTag. - Do the same with a record in the staff client. Signed-off-by: Pierre-Marc Thibault Signed-off-by: Jonathan Druart Signed-off-by: Nick Clemens commit 15670cd590e4a1efc01bb9bd1648162781486f5b Author: Owen Leonard Date: Thu Sep 27 12:59:01 2018 +0000 Bug 21430: Update two-column templates with Bootstrap grid: Reports part 3 This patch modifies several reports templates to use the Bootstrap grid instead of YUI. This patch also removes obsolete "text/javascript" attributes from