From gitmaster at git.koha-community.org Mon Jun 1 19:15:25 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 01 Jun 2015 17:15:25 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-52-g06ef680 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 06ef68046e52a56f690e656f30592ff46b21a383 (commit) via c7a8e4dd25768870de74a5a96c63a92ff1c7fcc8 (commit) via e1ac8b431002ad15ba8bc19a61f2daf0424552e2 (commit) via 9c37d43102d7e6224e9207b4ed02cb7d7eca9291 (commit) via 174b425c36416a2725da81345ccaf162c4f7f873 (commit) via 9878663731c4e31daf45ac8ce86e4bfa169d9689 (commit) via a4b7df44901311f3a96b4e8f828e105845763dac (commit) via 4b9f4e1749b3de782068dbe658a04d8ce059e292 (commit) via d78f832cb026ace04ff3e6d2c3765b39656e0e11 (commit) from 480ac8667971a638b4b27d0dc8e5bb29f9f2a372 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 06ef68046e52a56f690e656f30592ff46b21a383 Author: David Cook Date: Mon May 25 14:01:09 2015 +1000 Bug 14265 - Use $.trim instead of trim() in admin/categorie.tt This patch replaces trim() with $.trim() in admin/categorie.tt, as $.trim() is more cross-platform (ie it is supported in "< IE9"). _TEST PLAN_ Before applying patch: 0) Use IE 8 or use Document Mode 8 in a newer IE using F12 Developer Tools 1) Go to Administration > Patron categories 2) Click "Edit" next to a category 3) Click "Save" at the bottom 4) Note the form doesn't submit (you can also notice the error in the console log) Apply the patch: 5) Hold down shift + refresh the page 6) Click "Save" at the bottom" 7) Note that the form does submit and there are no errors reported Signed-off-by: Indranil Das Gupta Signed-off-by: Jonathan Druart No regression found using iceweasel. I did not know the staff interface was IE compatible. Signed-off-by: Tomas Cohen Arazi commit c7a8e4dd25768870de74a5a96c63a92ff1c7fcc8 Author: Jonathan Druart Date: Tue May 26 13:05:51 2015 +0200 Bug 14266: Trim the email address in the pl script The original concern of bug 14266 was to provide a compatibility for The form is not submited, no alert/message is displayed (same as before this patch). 3/ Share a list and provide an email address with spaces before and after 4/ Submit => You should receive the email Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Test output compliant with expected test plan outcome. Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit e1ac8b431002ad15ba8bc19a61f2daf0424552e2 Author: David Cook Date: Mon May 25 14:07:27 2015 +1000 Bug 14266: Replace trim() with $.trim() in opac-shareshelf.tt This patch replaces trim() with $.trim() which is supported in versions of IE older than IE9. Revised test plan ================= Before applying patch: 0) Use IE 8 or Document Mode 8 in a newer IE using F12 Developer Tools 1) Set OpacAllowSharingPrivateLists to "Allow" in Global System Preferences 2) Create a private list in the OPAC 3) Add a record to the private list 4) Click "Share" or "Share list" on one of the list screens 5) Type in an email address and click "Send" 6) Note the error in the console log 7) The page should submit Apply the patch: 7) Hold shift + refresh the browser to update any Javascript cache 8) Try to "Share" the list again 9) Note that the form submit after clicking "Send" and that there are no errors in the console log http://bugs.koha-community.org/show_bug.cgi?id=14266 Signed-off-by: Indranil Das Gupta Remarks: Works as per revised test plan Signed-off-by: Tomas Cohen Arazi commit 9c37d43102d7e6224e9207b4ed02cb7d7eca9291 Author: Mark Tompsett Date: Fri May 1 16:31:47 2015 -0400 Bug 14113: Silence t/Dates.t warnings and cleanup output. The expectation of a user not freaking out over 'Illegal date' messages is not sensible. Catch the messages, give a nicer message. Also, compress the veritical spacing on the output. TEST PLAN --------- 1) $ prove t/Dates.t -- notice Illegal date messages, and extra lines between some sectional messages. 2) Apply patch 3) $ prove t/Dates.t -- Notice how nice and clean it is? Try it with -v to see all the output, including the expected warning type messages. 4) run koha qa test tools. Test Remarks : complies with test plan. Signed-off-by: Indranil Das Gupta (L2C2 Technologies) a Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 174b425c36416a2725da81345ccaf162c4f7f873 Author: Mark Tompsett Date: Fri May 1 17:56:07 2015 -0400 Bug 14115: Silence warnings in t/Label* Two functions were triggering noisy warnings while testing: _get_text_fields and _split_lccn. TEST PLAN ---------- 1) $ prove t/Label* -- several warnings 2) apply patch 3) $ prove t/Label* -- no warnings 4) koha qa test tools. Signed-off-by: Bernardo Gonzalez Kriegel Nicer, no koha-qa errors Signed-off-by: Aleisha Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 9878663731c4e31daf45ac8ce86e4bfa169d9689 Author: Mark Tompsett Date: Fri May 1 21:16:56 2015 -0400 Bug 14116: Silence noisy output for t/Scrubber. Why diag or print out things, unless it is -v? And why print anything except success or failure type messages? This cleans up the output. TEST PLAN --------- 1) $ prove t/Scrubber.t -- there's some noise. 2) apply patch 3) $ prove t/Scrubber.t -- noise issue resolved. Output is still reasonable for -v. 4) koha qa test tools Signed-off-by: Tomas Cohen Arazi Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit a4b7df44901311f3a96b4e8f828e105845763dac Author: Mark Tompsett Date: Fri May 1 21:36:23 2015 -0400 Bug 14117: Silence warnings t/SearchPazPar2.t The use of relative URLS (null actually), triggers warnings. Catch them, instead of letting them loose. TEST PLAN --------- 1) $ prove t/Search_PazPar2.t -- noise for each test currently. 2) apply patch 3) $ prove t/Search_PazPar2.t -- No noise, and extra tests added. -v shows caught warning tests. 4) koha qa test tools. Signed-off-by: Indranil Das Gupta Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 4b9f4e1749b3de782068dbe658a04d8ce059e292 Author: Mark Tompsett Date: Sat May 2 00:02:04 2015 -0400 Bug 14120: Fixing t/db_dependent/Auth.t noise TEST PLAN --------- 1) $ prove t/db_dependent/Auth.t -- warnings 2) Apply this patch 3) $ prove t/db_dependent/Auth.t -- only one specific type of warning 4) Apply bug 5010 patch 5) $ prove t/db_dependent/Auth.t -- noisy is eliminated 6) koha qa test tools. Signed-off-by: Bernardo Gonzalez Kriegel With patch only one warn With 5010 no more warns No errors Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit d78f832cb026ace04ff3e6d2c3765b39656e0e11 Author: Kyle M Hall Date: Wed May 20 11:31:18 2015 -0400 Bug 12066: New renew page in staff client doesn't record branch in statistics Test Plan: 1) Apply this patch 2) Renew an item via circ/renew.pl 3) Note the branch code of your logged in library is set as the branch in the generated statistic line Signed-off-by: Bernardo Gonzalez Kriegel Tested pre and post patch, now branch is saved No errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 2 +- C4/Labels/Label.pm | 7 +- C4/Templates.pm | 1 + circ/renew.pl | 3 +- .../prog/en/modules/admin/categorie.tt | 2 +- .../bootstrap/en/modules/opac-shareshelf.tt | 17 ++++- opac/opac-shareshelf.pl | 6 ++ t/Dates.t | 74 ++++++++++++++------ t/Scrubber.t | 46 ++++++------ t/Search_PazPar2.t | 43 +++++++++--- 10 files changed, 139 insertions(+), 62 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 1 19:32:08 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 01 Jun 2015 17:32:08 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-64-gc7a67ea Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via c7a67ea4f33402a1f3165864952d6a692f898953 (commit) via 3b3f82de377c87f9108bf07dd0d293182e5b9bdc (commit) via 5a58caad50e3167c5a14a71299ce399033570d86 (commit) via aecf9179a6eed5fd94d1be1a8b432d574392acc7 (commit) via 1a3364519c5306e744da186256a789b9dedf6105 (commit) via b0140ece4428962f952ffdbf34b77381e194488d (commit) via 30ed77dae60018b66d6f6f1813d67d3dbef51725 (commit) via 5e4633a3cc7dd4eca206d21e54279efe935268b1 (commit) via 9234b660386d092fbd0f244da67cb6caacfd12bd (commit) via 66ba71752a717239bd69b30ed2d4a43451a4b3d6 (commit) via 9f88fe006983d9f13797872adef7cf747291e4fa (commit) via 154eb5f6f55c60632811bcae240cc8254fab7efb (commit) from 06ef68046e52a56f690e656f30592ff46b21a383 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c7a67ea4f33402a1f3165864952d6a692f898953 Author: Zeno Tajoli Date: Wed Apr 22 17:03:38 2015 +0200 Bug 14047: Order z39.50 biblioservers in cataloguing Signed-off-by: Marcel de Rooy Bug 14047: Sort z39.50 servers in Acquisition Signed-off-by: Marcel de Rooy Bug 14047: [QA Follow-up] Move result_class back into attributes No need to put this into a separate call. Signed-off-by: Marcel de Rooy Note that we strictly speaking do not need the hashref inflator here, because TT understands hash.column as well as object.property. Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 3b3f82de377c87f9108bf07dd0d293182e5b9bdc Author: Marc V?ron Date: Sun Apr 26 21:36:25 2015 +0200 Bug 11929: patron modification error shows borrowernumber If an error occurs in patron batch modification, a message similar to the following is displayed: Can not update patron with borrowernumber 7055 It would be useful to have the cardnumber as well. This patch adds the card number to the lists of errors. It is not easy to trigger an error (see comments). For testing, I tweaked the sub ModMember in C4/Members.pm to always return false. TEST PLAN --------- 1) Log in as a superlibrarian and create a test user 2) Change the cardnumber to a number differing from the borrower number. 3) Home -> Tools -> Batch patron modification 4) Type in the cardnumber of that test user 5) Check the Library checkbox. 6) Click Save -- nice error, but it is borrower number instead of the card number which was entered. 7) Apply the patch 8) Repeat steps 3-6 -- nice error, but it is now more informative. 9) run koha qa test tools. Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 5a58caad50e3167c5a14a71299ce399033570d86 Author: Jonathan Druart Date: Thu Apr 23 13:25:33 2015 +0200 Bug 11603: Change the output filenames The output filename is notices_all_.[html|csv|ods] if no letter_code parameter is given. If 1 is given: notices__.[html|csv|ods] If 1+ are given: noties__...__.[html|csv|ods] Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit aecf9179a6eed5fd94d1be1a8b432d574392acc7 Author: Jonathan Druart Date: Thu Apr 23 09:37:36 2015 +0200 Bug 11603: (follow-up) pod The filenames will change Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 1a3364519c5306e744da186256a789b9dedf6105 Author: Katrin Fischer Date: Thu Apr 23 02:03:32 2015 +0200 Bug 11603: Some minor documentation changes Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit b0140ece4428962f952ffdbf34b77381e194488d Author: Fr?d?ric Demians Date: Tue Apr 14 13:13:18 2015 +0200 Bug 11603: Add --send|--nosend, fix stuf Fix --html without --letter_code Fix --ods which was producing a 2 lines ods file Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 30ed77dae60018b66d6f6f1813d67d3dbef51725 Author: Jonathan Druart Date: Tue Apr 14 11:07:00 2015 +0200 Bug 11603: Fix encoding issues (bug 11944 is now pushed) Signed-off-by: Frederic Demians No more encoding issue with html file, no problem with csv|ods Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 5e4633a3cc7dd4eca206d21e54279efe935268b1 Author: Jonathan Druart Date: Wed Feb 26 13:35:42 2014 +0100 Bug 11603: If a letter code is given, filenames should contain it If you choose to generate print notices for a specific letter code, the generated files should be distinct. The use case is: you want to process print notice for letter codes: overdue1, overdue2 and overdue3. The cronjobs will be: perl misc/cronjobs/gather_print_notices.pl /tmp --letter_code=overdue1 --csv --ods --html --delimiter=";" perl misc/cronjobs/gather_print_notices.pl /tmp --letter_code=overdue2 --csv --ods --html --delimiter=";" perl misc/cronjobs/gather_print_notices.pl /tmp --letter_code=overdue3 --csv --ods --html --delimiter=";" without this patch, the 2 first files will be erased. Signed-off-by: Frederic Demians Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 9234b660386d092fbd0f244da67cb6caacfd12bd Author: Jonathan Druart Date: Wed Jan 22 17:11:38 2014 +0100 Bug 11603: Gather print notices - add a ods parameter This patch adds: - the ability to generate an ods file From now you are able to generate a ods file for print notices. You would like to generate a csv file and not a html file. Test plan: - same as previous patch but test the following parameters: perl misc/cronjobs/gather_print_notices.pl /tmp/test --ods --letter_code=OVERDUE -d=: you should get an error because csv2ods is not installed. Follow the installation instructions and try again the command. A ods file should be generated in your /tmp/test directory. Signed-off-by: Frederic Demians Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 66ba71752a717239bd69b30ed2d4a43451a4b3d6 Author: Jonathan Druart Date: Wed Jan 22 13:56:10 2014 +0100 Bug 11603: Gather print notices - add a csv parameter This patch adds: - the ability to generate a csv file instead of a html file. - a letter_code parameter. From now you are able to generate a csv file for print notices. Imagine a template notice defined as: cardnumber:patron:email:item <>:<> >:<>:<> You would like to generate a csv file and not a html file. Test plan: - define your ODUE notice for the print template as: cardnumber:patron:email:item <>:<> <>:<>:<> - define overdues rules for a patron category - check 2 items out using a due date in order to generate the overdue notices - check these 2 items in - launch the overdue_notices script - the message_queue table should now contain 2 new entries - launch the gather_print_notices cronjob with the following parameters: perl misc/cronjobs/gather_print_notices.pl /tmp/test --csv --letter_code=OVERDUE --letter_code=CHECKIN you should get an error perl misc/cronjobs/gather_print_notices.pl /tmp/test --csv you should get an error perl misc/cronjobs/gather_print_notices.pl /tmp/test --csv --letter_code=OVERDUE -d=: will produce 1 csv file in your /tmp/test directory - verify the csv file is correct and contain only 1 csv header column. Signed-off-by: Frederic Demians Signed-off-by: Katrin Fischer QA note: Keep in mind that you can use all placeholders for the csv that you can use for the normal templates. If you normally get the item information from you need to use that. If you can use <> directly, you can also do so in the csv. Signed-off-by: Tomas Cohen Arazi commit 9f88fe006983d9f13797872adef7cf747291e4fa Author: Jonathan Druart Date: Wed Jan 22 11:42:41 2014 +0100 Bug 11603: Preparation step, cleaning up This patch refactores and adds some good practices: - use Modern::Perl - use Pod::Usage - add POD Signed-off-by: Frederic Demians Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 154eb5f6f55c60632811bcae240cc8254fab7efb Author: Bernardo Gonzalez Kriegel Date: Tue May 26 14:45:22 2015 -0300 Bug 14279: Remove CGI::scrolling_list from issues_avg_stats.pl This patch removes scrolling_lists from this file To test 1) Go to Reports > Average loan time 2) Check dropdowns Patron category, Item type, Sort1/2 and Into application will be changed 3) Apply the patch 4) Reload and check for regression Followed test plan. Works as expected. Signed-off-by: Marc Veron Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: acqui/z3950_search.pl | 4 +- cataloguing/z3950_search.pl | 4 +- .../prog/en/modules/reports/issues_avg_stats.tt | 55 ++- .../prog/en/modules/tools/modborrowers.tt | 7 +- misc/cronjobs/gather_print_notices.pl | 388 ++++++++++++++++---- reports/issues_avg_stats.pl | 84 ++--- tools/modborrowers.pl | 6 +- 7 files changed, 398 insertions(+), 150 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 1 20:45:44 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 01 Jun 2015 18:45:44 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-67-ge46d554 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via e46d55409c5e8f6198bb615fbd8e86e3c8d9ea1c (commit) via e365e6e53592a4639f18173def7e74e0ad24419c (commit) via 959e6b7ae433d891a31c20b86690ab68446bf508 (commit) from c7a67ea4f33402a1f3165864952d6a692f898953 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e46d55409c5e8f6198bb615fbd8e86e3c8d9ea1c Author: Tomas Cohen Arazi Date: Mon Jun 1 15:44:00 2015 -0300 Bug 14285: DBRev 3.21.00.003 Signed-off-by: Tomas Cohen Arazi commit e365e6e53592a4639f18173def7e74e0ad24419c Author: Bernardo Gonzalez Kriegel Date: Thu May 28 12:18:38 2015 -0300 Bug 14285: Bengali locale needs to be re-defined This patch renames translation files for Bengali language, from ben-* to bn-IN-*. Also adds India as region To test: 1) Apply the patch 2) Run updatedatabase 3) Install Bengali language cd misc/translator perl translate install bn-IN enable Check correct description 4) Create and install a fake Bengali variant cd misc/translator perl translate create bn-XX perl translate install bn-XX enable both variants Check correct rendering of region Results comply with expected test plan outcome. Signed off for bn-IN Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 959e6b7ae433d891a31c20b86690ab68446bf508 Author: Nicole C. Engard Date: Thu May 28 11:39:29 2015 -0500 Bug 14291: Fix OpacExportOptions text This patch removes the instruction to separate values by | in the OpacExportOptions preference. To test: Go to system preferences Find OpacExportOptions Confirm text is right Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Test output compliant with expected test plan outcome. Signed-off-by: Katrin Fischer Changed "List" to "Select" and removed a space before the : at the end. Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: Koha.pm | 2 +- installer/data/mysql/mandatory/subtag_registry.sql | 10 ++++++++++ installer/data/mysql/updatedatabase.pl | 18 ++++++++++++++++++ .../prog/en/modules/admin/preferences/opac.pref | 2 +- .../po/{ben-marc-MARC21.po => bn-IN-marc-MARC21.po} | 0 .../{ben-marc-NORMARC.po => bn-IN-marc-NORMARC.po} | 0 .../{ben-marc-UNIMARC.po => bn-IN-marc-UNIMARC.po} | 0 ...ben-opac-bootstrap.po => bn-IN-opac-bootstrap.po} | 0 misc/translator/po/{ben-pref.po => bn-IN-pref.po} | 0 .../po/{ben-staff-help.po => bn-IN-staff-help.po} | 0 .../po/{ben-staff-prog.po => bn-IN-staff-prog.po} | 0 11 files changed, 30 insertions(+), 2 deletions(-) rename misc/translator/po/{ben-marc-MARC21.po => bn-IN-marc-MARC21.po} (100%) rename misc/translator/po/{ben-marc-NORMARC.po => bn-IN-marc-NORMARC.po} (100%) rename misc/translator/po/{ben-marc-UNIMARC.po => bn-IN-marc-UNIMARC.po} (100%) rename misc/translator/po/{ben-opac-bootstrap.po => bn-IN-opac-bootstrap.po} (100%) rename misc/translator/po/{ben-pref.po => bn-IN-pref.po} (100%) rename misc/translator/po/{ben-staff-help.po => bn-IN-staff-help.po} (100%) rename misc/translator/po/{ben-staff-prog.po => bn-IN-staff-prog.po} (100%) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 3 09:35:07 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Wed, 03 Jun 2015 07:35:07 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-12-g21d4ea5 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 21d4ea5ccc6313fe59ef535555da8874c34ffd5a (commit) via adf816c8c902940597b65e462cae3a99075509c1 (commit) via b85094aa10c9c6c3bc9d5bc83d9bfd04af4c7c0d (commit) via 2b9ef94685ea014a014fdc994f8def827040e6f2 (commit) from 9c3ebb73c8ad33673b8e697e76b7c87ff6eb9035 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 21d4ea5ccc6313fe59ef535555da8874c34ffd5a Author: Marcel de Rooy Date: Sat May 23 14:01:57 2015 +0200 Bug 12176: Fix for missing field_value in select As Jonathan Druart discovered, we were still missing an important attribute in the selects. Var mv.name was not filled, so the name was empty with nice side-effects :) While fixing this, it was also possible to delete some unused vars that Bernardo already mentioned before: $attributes and $attributes_no_value. Signed-off-by: Marcel de Rooy Signed-off-by: Bernardo Gonzalez Kriegel For me the simptom was different, when saving an edited item fields were mangled beyond repear :( No alert for empty mandatory fields. But this last patch fix the problem. Tested add/edit items Cleaner pl file :) No errors Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit e021b512e34d0521803fa5f32dd67f1532ddb73d) Signed-off-by: Chris Cormack commit adf816c8c902940597b65e462cae3a99075509c1 Author: Marcel de Rooy Date: Wed May 20 16:42:34 2015 +0200 Bug 12176: [QA Follow-up] Capitalization typo after eleventh hour While cleaning up, still found this super tiny string typo :) Yes, Tag Editor should now be Tag editor. Test plan :) Git grep on Tag editor and Tag Editor Signed-off-by: Marcel de Rooy Signed-off-by: Bernardo Gonzalez Kriegel Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 351b2f753f7b30665dc22be595af4a00589424e7) Signed-off-by: Chris Cormack commit b85094aa10c9c6c3bc9d5bc83d9bfd04af4c7c0d Author: Marcel de Rooy Date: Wed May 20 14:56:48 2015 +0200 Bug 12176: [QA Follow-up] Small additem adjustments Adjusting a few small things and making qa tools happy: [1] Remove .hidden after [% avalue %] in additem.tt. (Typo) [2] A closer look revealed that mv.avalue is useless too. An input element does not contain any content. Putting it after the hidden element in a non-visible context has no meaning. [3] Change handling of select attributes readonly and disabled. [4] Remove unused variable $attributes_no_value_textarea [5] Removed a comment with TODO referring to this report. [6] Moving a duplicated TT variable (mv.javascript) outside IF statement. [7] And finally could not resist this one: Moving strings Tag editor and No popup from script to template. Plugins++ NOTE: Most item plugins redirect click to focus. In that case there is no popup, but unfortunately the text Tag editor comes up. When you remove or rename function Click, No popup comes up. So it works. Sorry that this small list kept growing :) Signed-off-by: Marcel de Rooy Signed-off-by: Bernardo Gonzalez Kriegel Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 50d2b712883808a36b1d03ac770aed470c8d19d1) Signed-off-by: Chris Cormack commit 2b9ef94685ea014a014fdc994f8def827040e6f2 Author: Bernardo Gonzalez Kriegel Date: Tue May 19 13:06:34 2015 -0300 Bug 12176: Remove HTML from additem.pl This patch removes HTML code from additem.pl. To test: 1. Check no regressions on Add/Edit/Save items 2. Update translation files for a language, check new strings "Tag editor" & "No popup" on staff PO file 3. Check it passes xt/tt_valid.t Patch partially rebased, part rewritten. Signed-off-by: Marcel de Rooy Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 47d2de9c024bfb93d56184f298f334b20685cd86) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: cataloguing/additem.pl | 128 ++++++++++++-------- .../prog/en/modules/cataloguing/additem.tt | 37 +++++- 2 files changed, 111 insertions(+), 54 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 3 09:42:57 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Wed, 03 Jun 2015 07:42:57 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-14-g2796499 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 2796499f6c2b5ee41425cdf6a08723e6ace96d37 (commit) via 8a969be0fd70986f80285af3bdd3e8405e39ff66 (commit) from 21d4ea5ccc6313fe59ef535555da8874c34ffd5a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2796499f6c2b5ee41425cdf6a08723e6ace96d37 Author: Bernardo Gonzalez Kriegel Date: Tue May 26 11:00:02 2015 -0300 Bug 14275: Remove CGI::scrolling_list from guided_reports.pl Remove an instance of CGI::scrolling_list from this file To test: 1) Go to Reports, Guided report wizard, New SQL report 2) Create a report with some auth value list, e.g. SELECT surname,firstname FROM borrowers WHERE branchcode=<> Save 3) Clic on 'Run this report", look at the dropdown, that will be changed 4) Apply the patch 5) Reload, check dropdown and any regression Followed test plan, works as expected. Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 764b425c1ce0573f9b02bfa3b9b2425137630f0c) Signed-off-by: Chris Cormack commit 8a969be0fd70986f80285af3bdd3e8405e39ff66 Author: Mark Tompsett Date: Fri May 22 09:02:23 2015 -0400 Bug 14112: Silence warnings in t/Charset.t After Jonathan said this was the wrong way to correct the issue, www.utf8-chartable.de made it clear to me that the \c3\a9 were missing x's. TEST PLAN --------- 1) prove t/Charset.t -- noise 2) apply patch 3) prove t/Charset.t -- no noise 4) koha qa test tools Signed-off-by: Aleisha Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 4d4582566ee7d2014f30f15db4889d4cad956316) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: .../prog/en/modules/reports/guided_reports_start.tt | 8 +++++++- reports/guided_reports.pl | 17 ++++++----------- t/Charset.t | 2 +- 3 files changed, 14 insertions(+), 13 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 3 22:51:26 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Wed, 03 Jun 2015 20:51:26 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-22-gad20eea Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via ad20eea3d10bef81a7bfef216271a487fb871dba (commit) via 8ba2e5b1cc6f4a7d747807504b83637a1b14d9b7 (commit) via e61073b98536142fade406ed3d30be6db38d6863 (commit) via 4fd21c2258aa725162b57031cd80430acbaf46d6 (commit) via d1708202116435ccc2c7e77937f667177a015121 (commit) via 983312a96fbd51fa30280821b31e6cc833a4de77 (commit) via d9621c58831994016f8638cd84cc840ac3fb0b5c (commit) via 0f0fc26c609d98a550f49c5828b781345edaeadf (commit) from 2796499f6c2b5ee41425cdf6a08723e6ace96d37 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit ad20eea3d10bef81a7bfef216271a487fb871dba Author: Zeno Tajoli Date: Wed Apr 22 17:03:38 2015 +0200 Bug 14047: Order z39.50 biblioservers in cataloguing Signed-off-by: Marcel de Rooy Bug 14047: Sort z39.50 servers in Acquisition Signed-off-by: Marcel de Rooy Bug 14047: [QA Follow-up] Move result_class back into attributes No need to put this into a separate call. Signed-off-by: Marcel de Rooy Note that we strictly speaking do not need the hashref inflator here, because TT understands hash.column as well as object.property. Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit c7a67ea4f33402a1f3165864952d6a692f898953) Signed-off-by: Chris Cormack commit 8ba2e5b1cc6f4a7d747807504b83637a1b14d9b7 Author: Marc V?ron Date: Sun Apr 26 21:36:25 2015 +0200 Bug 11929: patron modification error shows borrowernumber If an error occurs in patron batch modification, a message similar to the following is displayed: Can not update patron with borrowernumber 7055 It would be useful to have the cardnumber as well. This patch adds the card number to the lists of errors. It is not easy to trigger an error (see comments). For testing, I tweaked the sub ModMember in C4/Members.pm to always return false. TEST PLAN --------- 1) Log in as a superlibrarian and create a test user 2) Change the cardnumber to a number differing from the borrower number. 3) Home -> Tools -> Batch patron modification 4) Type in the cardnumber of that test user 5) Check the Library checkbox. 6) Click Save -- nice error, but it is borrower number instead of the card number which was entered. 7) Apply the patch 8) Repeat steps 3-6 -- nice error, but it is now more informative. 9) run koha qa test tools. Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 3b3f82de377c87f9108bf07dd0d293182e5b9bdc) Signed-off-by: Chris Cormack commit e61073b98536142fade406ed3d30be6db38d6863 Author: Bernardo Gonzalez Kriegel Date: Tue May 26 14:45:22 2015 -0300 Bug 14279: Remove CGI::scrolling_list from issues_avg_stats.pl This patch removes scrolling_lists from this file To test 1) Go to Reports > Average loan time 2) Check dropdowns Patron category, Item type, Sort1/2 and Into application will be changed 3) Apply the patch 4) Reload and check for regression Followed test plan. Works as expected. Signed-off-by: Marc Veron Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 154eb5f6f55c60632811bcae240cc8254fab7efb) Signed-off-by: Chris Cormack commit 4fd21c2258aa725162b57031cd80430acbaf46d6 Author: David Cook Date: Mon May 25 14:01:09 2015 +1000 Bug 14265 - Use $.trim instead of trim() in admin/categorie.tt This patch replaces trim() with $.trim() in admin/categorie.tt, as $.trim() is more cross-platform (ie it is supported in "< IE9"). _TEST PLAN_ Before applying patch: 0) Use IE 8 or use Document Mode 8 in a newer IE using F12 Developer Tools 1) Go to Administration > Patron categories 2) Click "Edit" next to a category 3) Click "Save" at the bottom 4) Note the form doesn't submit (you can also notice the error in the console log) Apply the patch: 5) Hold down shift + refresh the page 6) Click "Save" at the bottom" 7) Note that the form does submit and there are no errors reported Signed-off-by: Indranil Das Gupta Signed-off-by: Jonathan Druart No regression found using iceweasel. I did not know the staff interface was IE compatible. Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 06ef68046e52a56f690e656f30592ff46b21a383) commit d1708202116435ccc2c7e77937f667177a015121 Author: Jonathan Druart Date: Tue May 26 13:05:51 2015 +0200 Bug 14266: Trim the email address in the pl script The original concern of bug 14266 was to provide a compatibility for The form is not submited, no alert/message is displayed (same as before this patch). 3/ Share a list and provide an email address with spaces before and after 4/ Submit => You should receive the email Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Test output compliant with expected test plan outcome. Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi (cherry picked from commit c7a8e4dd25768870de74a5a96c63a92ff1c7fcc8) Signed-off-by: Chris Cormack commit 983312a96fbd51fa30280821b31e6cc833a4de77 Author: David Cook Date: Mon May 25 14:07:27 2015 +1000 Bug 14266: Replace trim() with $.trim() in opac-shareshelf.tt This patch replaces trim() with $.trim() which is supported in versions of IE older than IE9. Revised test plan ================= Before applying patch: 0) Use IE 8 or Document Mode 8 in a newer IE using F12 Developer Tools 1) Set OpacAllowSharingPrivateLists to "Allow" in Global System Preferences 2) Create a private list in the OPAC 3) Add a record to the private list 4) Click "Share" or "Share list" on one of the list screens 5) Type in an email address and click "Send" 6) Note the error in the console log 7) The page should submit Apply the patch: 7) Hold shift + refresh the browser to update any Javascript cache 8) Try to "Share" the list again 9) Note that the form submit after clicking "Send" and that there are no errors in the console log http://bugs.koha-community.org/show_bug.cgi?id=14266 Signed-off-by: Indranil Das Gupta Remarks: Works as per revised test plan Signed-off-by: Tomas Cohen Arazi (cherry picked from commit e1ac8b431002ad15ba8bc19a61f2daf0424552e2) Signed-off-by: Chris Cormack commit d9621c58831994016f8638cd84cc840ac3fb0b5c Author: Kyle M Hall Date: Wed May 20 11:31:18 2015 -0400 Bug 12066: New renew page in staff client doesn't record branch in statistics Test Plan: 1) Apply this patch 2) Renew an item via circ/renew.pl 3) Note the branch code of your logged in library is set as the branch in the generated statistic line Signed-off-by: Bernardo Gonzalez Kriegel Tested pre and post patch, now branch is saved No errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit d78f832cb026ace04ff3e6d2c3765b39656e0e11) Signed-off-by: Chris Cormack commit 0f0fc26c609d98a550f49c5828b781345edaeadf Author: Katrin Fischer Date: Mon May 25 11:22:07 2015 +0200 Bug 13946: Change order status 'Pending' to 'Ordered' The order status after closing the basket is 'ordered' in the database, but displays as 'pending' in the staff interface. As we use 'pending' when you have to review a suggestion, this clashes in translations and the meaning is different. The patch renames 'pending' for the order status to 'Ordered' to be more clear. To test: - Verfiy 'Ordered' shows in the pull down on the acq advanced search and search still works correctly - Verify the results table also display 'Ordered' as the status Signed-off-by: C?dric Vita Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 480ac8667971a638b4b27d0dc8e5bb29f9f2a372) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: acqui/z3950_search.pl | 4 +- cataloguing/z3950_search.pl | 4 +- circ/renew.pl | 3 +- .../prog/en/modules/acqui/histsearch.tt | 6 +- .../prog/en/modules/admin/categorie.tt | 2 +- .../prog/en/modules/reports/issues_avg_stats.tt | 55 ++++++++++--- .../prog/en/modules/tools/modborrowers.tt | 7 +- .../bootstrap/en/modules/opac-shareshelf.tt | 17 +++- opac/opac-shareshelf.pl | 6 ++ reports/issues_avg_stats.pl | 84 +++++++------------- tools/modborrowers.pl | 6 +- 11 files changed, 116 insertions(+), 78 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 4 03:57:00 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 04 Jun 2015 01:57:00 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-25-g77c9563 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 77c9563f1ed1c89266f4308cff165a78782289f6 (commit) via a93957d53fbfb9cf0c3f73dd1462cd5212182673 (commit) via 99325e9c7a17d7f9259a0eb929550b8c4c1c0012 (commit) from ad20eea3d10bef81a7bfef216271a487fb871dba (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 77c9563f1ed1c89266f4308cff165a78782289f6 Author: Chris Cormack Date: Thu Jun 4 13:58:17 2015 +1200 Updating version to 3.20.00.001 commit a93957d53fbfb9cf0c3f73dd1462cd5212182673 Author: Bernardo Gonzalez Kriegel Date: Thu May 28 12:18:38 2015 -0300 Bug 14285: Bengali locale needs to be re-defined This patch renames translation files for Bengali language, from ben-* to bn-IN-*. Also adds India as region To test: 1) Apply the patch 2) Run updatedatabase 3) Install Bengali language cd misc/translator perl translate install bn-IN enable Check correct description 4) Create and install a fake Bengali variant cd misc/translator perl translate create bn-XX perl translate install bn-XX enable both variants Check correct rendering of region Results comply with expected test plan outcome. Signed off for bn-IN Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit e365e6e53592a4639f18173def7e74e0ad24419c) Signed-off-by: Chris Cormack commit 99325e9c7a17d7f9259a0eb929550b8c4c1c0012 Author: Nicole C. Engard Date: Thu May 28 11:39:29 2015 -0500 Bug 14291: Fix OpacExportOptions text This patch removes the instruction to separate values by | in the OpacExportOptions preference. To test: Go to system preferences Find OpacExportOptions Confirm text is right Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Test output compliant with expected test plan outcome. Signed-off-by: Katrin Fischer Changed "List" to "Select" and removed a space before the : at the end. Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 959e6b7ae433d891a31c20b86690ab68446bf508) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: Koha.pm | 2 +- installer/data/mysql/mandatory/subtag_registry.sql | 10 ++++++++ installer/data/mysql/updatedatabase.pl | 24 ++++++++++++++++++++ .../prog/en/modules/admin/preferences/opac.pref | 2 +- .../{ben-marc-MARC21.po => bn-IN-marc-MARC21.po} | 0 .../{ben-marc-NORMARC.po => bn-IN-marc-NORMARC.po} | 0 .../{ben-marc-UNIMARC.po => bn-IN-marc-UNIMARC.po} | 0 ...n-opac-bootstrap.po => bn-IN-opac-bootstrap.po} | 0 misc/translator/po/{ben-pref.po => bn-IN-pref.po} | 0 .../po/{ben-staff-help.po => bn-IN-staff-help.po} | 0 .../po/{ben-staff-prog.po => bn-IN-staff-prog.po} | 0 11 files changed, 36 insertions(+), 2 deletions(-) rename misc/translator/po/{ben-marc-MARC21.po => bn-IN-marc-MARC21.po} (100%) rename misc/translator/po/{ben-marc-NORMARC.po => bn-IN-marc-NORMARC.po} (100%) rename misc/translator/po/{ben-marc-UNIMARC.po => bn-IN-marc-UNIMARC.po} (100%) rename misc/translator/po/{ben-opac-bootstrap.po => bn-IN-opac-bootstrap.po} (100%) rename misc/translator/po/{ben-pref.po => bn-IN-pref.po} (100%) rename misc/translator/po/{ben-staff-help.po => bn-IN-staff-help.po} (100%) rename misc/translator/po/{ben-staff-prog.po => bn-IN-staff-prog.po} (100%) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 4 15:14:39 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 04 Jun 2015 13:14:39 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-79-g8e726e3 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 8e726e3ee1e519d138074a986c27a2c393e23701 (commit) via 85a057bc5e1ff5b70bfe6a332e197a51af60bcee (commit) via cfacda2bb40d5a13af57d62f2df1cda6bcd9a524 (commit) via 511587395f7ee2daf223c2d5b902d71abbf3fca8 (commit) via ece2b02a57fdb692c02f00540df436af1f5ba971 (commit) via 0fa0297d7da7af6a9f4cd82b34ac86018391289f (commit) via 04f5e7d4e7db833c18afe27a4dc4fd5b66b41099 (commit) via 61d9cb28dc7caa33d853dbe37ef6b601a8318aa0 (commit) via 3b4c4a486133882d435369c264dc7b74b5e769f6 (commit) via 1651cf70d10101739e3a7ff943fb709cedf6dccf (commit) via 8f12796633e71b9c1e8442cdeba2f7333e71ca52 (commit) via b59b9919777444c45e0b8ec4af5cf61dd3f5fa45 (commit) from e46d55409c5e8f6198bb615fbd8e86e3c8d9ea1c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8e726e3ee1e519d138074a986c27a2c393e23701 Author: Mark Tompsett Date: Mon May 4 20:37:58 2015 -0400 Bug 14111 - More t/Auth_with_shibboleth.t silencing TEST PLAN --------- 1) Apply first patch 2) prove t/Auth_with_shibboleth.t -- failed?! 3) apply this patch 4) prove t/Auth_with_shibboleth.t -- success. *whew* 5) koha-qa test tools. Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Test remarks: Expected outcome as per test plan. No anomaly noted. Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 85a057bc5e1ff5b70bfe6a332e197a51af60bcee Author: Mark Tompsett Date: Fri May 1 15:14:49 2015 -0400 Bug 14111: Silence warnings in t/Auth_with_shibboleth.t Poorly capturing warnings_exist test cases generated noise. This patch fixes that. TEST PLAN --------- 1) $ prove t/Auth_with_shibboleth.t -- There are messages about lines 132 and 133. Noise. 2) Apply patch 3) $ prove t/Auth_with_shibboleth.t -- No messages. YAY! 4) koha qa test tools Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Test remarks: Expected outcome as per test plan. No anomaly noted. Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit cfacda2bb40d5a13af57d62f2df1cda6bcd9a524 Author: Winona Salesky Date: Tue Apr 21 22:49:57 2015 -0400 Bug 13382 - RDA: 700/710/711 display in XSLT Test Plan: 1) Apply this patch 2) Ensure you are using the default XSLT setting for the staff and opac record details 3) Find or create a record with MARC tags 700,710,711 4) Perform an opac search that would show the record in the search results. 5) Click title to review record. 6) Note the fields updates 700,710,711 to show subfields a, b, c, d, e, f, g, h, i, k, l, m, n, o, p, r, s, t, u, x. Multiple fields are separated by span class=separator |. Adds Related and Contained Works as new headings. 7) Repeat steps 4 - 6 for the staff interface Signed-off-by: Nick Clemens Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 511587395f7ee2daf223c2d5b902d71abbf3fca8 Author: Robin Sheat Date: Tue Jun 2 13:12:51 2015 +1200 Bug 14312: dependency updates Signed-off-by: Tomas Cohen Arazi commit ece2b02a57fdb692c02f00540df436af1f5ba971 Author: Jonathan Druart Date: Sun May 24 18:00:57 2015 +0200 Bug 14263: Fix export of item search results when translated This csv does not use the correct way to display headers. They should be put in a separate file to get a correct display. Without this patch, the first line of the generated file contains the headers + data Test plan: 1/ choose a language and update + translate the templates for instance: cd misc/translate; ./translate update es-ES; ./translate install es-ES 2/ Go to the item search form using this language 3/ Launch a search and select CSV to display the results. The CSV headers should be correct Signed-off-by: Frederic Demians Seen the bug. Works as described. Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 0fa0297d7da7af6a9f4cd82b34ac86018391289f Author: Jonathan Druart Date: Tue Apr 28 12:52:36 2015 +0200 Bug 12320: Remove deprecated construct to delete cookie showColumns $.cookie('foo', null); is deprecated and should be replaced with $.removeCookie('foo'); This patch replaces the occurrences for the "showColumns" cookie. Before this patch, there was a bug on the batchmod tools. To reproduce the issue: 1/ Go on the Batch item modification tool 2/ Fill the textarea with barcodes and submit 3/ Click on some column names (to create the cookie) 4/ Click on 'Show all columns" (to set the cookie to null) 5/ Don't submit and repeat steps 1 & 2 6/ You should see a js error: Error: Syntax error, unrecognized expression: :nth-child ...break;q=a}return s},m.error=function(a){throw new Error("Syntax error, unrecogni... Test plan: Confirm the issue has gone away and there is no regression on the column selection Signed-off-by: Bernardo Gonzalez Kriegel No js error, no regressions, no errors Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 04f5e7d4e7db833c18afe27a4dc4fd5b66b41099 Author: Jonathan Druart Date: Tue Apr 28 12:52:00 2015 +0200 Bug 12320: Remove deprecated construct to delete cookie holdfor $.cookie('foo', null); is deprecated and should be replaced with $.removeCookie('foo'); This patch replaces the occurrences for the "holdfor" cookie. Test plan: 1/ Search for a patron 2/ On the patron detail page, click on "search to hold" 3/ Search for records 4/ On the results page, click on "Place hold" > "Forget PATRON" 5/ Reload the page. 6/ The "Place hold" button should not contain the patron anymore Signed-off-by: Bernardo Gonzalez Kriegel Works as described, no errors Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 61d9cb28dc7caa33d853dbe37ef6b601a8318aa0 Author: Tomas Cohen Arazi Date: Thu Jun 4 10:05:48 2015 -0300 Bug 5010: DBRev 3.21.00.004 Signed-off-by: Tomas Cohen Arazi commit 3b4c4a486133882d435369c264dc7b74b5e769f6 Author: Jonathan Druart Date: Wed Apr 29 12:59:23 2015 +0200 Bug 5010: Fix - replace tab with spaces Signed-off-by: Jonathan Druart Signed-off-by: Bernardo Gonzalez Kriegel No errors. Tested what I can, not plack/shibboleth/cas Perhaps this can pass and we can fix any problem later (for 3.22) Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi commit 1651cf70d10101739e3a7ff943fb709cedf6dccf Author: Mark Tompsett Date: Wed Feb 11 15:26:13 2015 +0000 Bug 5010: Fix OPACBaseURL to include protocol First, it is strongly recommended to set the OPACBaseURL. But this patch allows the inclusion of the protocol and not just a site. Next, C4/Auth now puts OPACBaseURL into the template parameters regardless of OPAC or Staff clients. t/db_dependent/Auth.t was tweaked to add a check for confirming that get_template_and_user adds OPACBaseURL to both OPAC and Staff templates. In the staff client, once the OPACBaseURL is set, you get a nice OPAC View link when viewing a biblio's detail. It should reflect the protocol used now. Hard coded 'http://' strings were removed from the sample_notices.sql files. This is what required also updating the letters table in the updatedatabase.pl script. The explanation text in the sysprefs.sql needed updating too to reflect the inclusion of the protocol. And this was the other update done in the updatedatabase.pl script. The opac.pref file was similarly changed as well. catalogue/detail.pl had no need to pass a custom OpacUrl value, since C4/Auth passes the required OPACBaseURL, so it and the corresponding template were modified. Both the MARC21 and NORMARC intranet details files had 'http://' hard coded in them. This was removed. Both the bootstrap and prog theme opac-detail template had a protocol parameter that was used. The logic for the parameter was not removed, because it is used extensively in one template. Perhaps it should be used to simplify the other. However, the calculated current_url parameter had references to the protocol removed, because of the changes to OPACBaseURL. opac/opac-shareshelf.pl had a hard coded 'http://' which was removed. t/db_dependent/Auth_with_cas.t had 'http://' added to the value set for OPACBaseURL. In virtualshelves/sendshelf.pl explicit code which sent the OPACBaseURL preference was removed, since C4/Auth sends it all the time now. C4::Context::set_preference was tweaked to ensure that OPACBaseURL would always start with http. t/db_dependent/Context.t was tweaked to specifically test this. The Shibboleth authentication needs OPACBaseURL set, and that it be https protocol. The _get_uri routine was tweaked to always pass back https:// as the protocol on the OPACBaseURL. t/Auth_with_shibboleth.t was tweaked to specifically test the changes. TEST PLAN --------- This is not an easy patch to test. Difficulties include: - configuring Koha to run under https (tweaking apache2 isn't so hard, just tricky) - configuring Koha to run OPAC and Staff with Plak (since code with comments about plak were sliced out) - configuring Koha to use CAS (may be requires for the CAS test) 1) Apply patch 2) Make sure OPACBaseURL is set without the protocol included. UPDATEDATABASE 3) back up your DB 4) ./installer/data/mysql/updatedatabase.pl -- It should run without errors. 5) Look up the OPACBaseURL system preference in the staff client -- It should have http:// prepended. 6) Run the mysqlclient from your koha git directory USE koha_library; SELECT content FROM letter WHERE content LIKE "%<>%"; -- There should be no prepended http:// on the <>. 7) restore your DB 8) Make sure OPACBaseURL is set with the protocol included, preferably https. -- Using https requires a bunch of apache2 tweaks. AUTH 9) Call up staff client. 10) Call up OPAC. -- C4/Auth.pm doesn't barf. 11) Call up Plack staff client 12) Call up Plack OPAC. -- C4/Auth.pm doesn't barf. 13) prove -v t/db_dependent/Auth.t CONTEXT 14) Home -> Koha administration -> Global System Preferences -> OPAC 15) Modify and save OPACBaseURL to not have http:// or https:// on it. -- It should be modified to include http:// 16) Modify and save another system preference. -- It should save normally 17) prove -v t/db_dependent/Context.t CATALOGUE/DETAIL (tt & pl) 18) Confirm the OPACBaseURL is set 19) Navigate to any biblio details in the staff client -- There should be a "OPAC view" link which has the correct http:// or https:// in it. SQL (sample notices and sysprefs) 20) Run the mysqlclient from your koha git directory USE koha_library; DELETE FROM letter; source installer/data/mysql/de-DE/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/en/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/nb-NO/1-Obligatorisk/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/es-ES/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/fr-FR/1-Obligatoire/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/it-IT/necessari/notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/pl-PL/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/ru-RU/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/uk-UA/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; -- Each of the selects should should lines that have <> starting them, but no hard-coded http:// DELETE FROM systempreferences; source installer/data/mysql/sysprefs.sql; SELECT * FROM systempreferences WHERE variable='OPACBaseURL'; -- The explanation should reflect the new explanation. QUIT 21) restore your DB 22) Make sure OPACBaseURL is set with the protocol included, preferably https. -- Using https requires a bunch of apache2 tweaks. SLIM2INTRANETDETAIL 23) Set 'XSLTDetailsDisplay' system preference to default. 24) Set 'marcflavour' system preference to MARC21. 25) View any biblio's details. -- the URL beside 'OPAC View' should have the appropriate http:// or https:// 26) Set 'marcflavour' system preference to NORMARC. 27) View any biblio's details. -- the URL beside 'OPAC View' should have the appropriate http:// or https:// OPAC-DETAIL 28) Set 'opacthemes' to bootstrap. 29) Set 'SocialNetworks' to enabled. 30) In OPAC, view any biblio's details. -- the Share links should have the appropriate protocol on the OPACBaseURL. 31) Set 'opacthemes' to prog. 32) In OPAC, view any biblio's details. -- the Share links should have the appropriate protocol on the OPACBaseURL. AUTH_WITH_CAS 33) prove -v t/db_dependent/Auth_with_cas.t OPAC-SHARESHELF 34) Set 'OpacAllowSharingPrivateLists' to allow. 35) In OPAC, 'Save to Lists' a search result. 36) Save it to a new private list. 37) Click the Lists button, and select the new list. 38) Click the Share button. AUTH_WITH_SHIBBOLETH 39) prove -v t/Auth_with_shibboleth.t -- needs to be tests on Debian, because I can't get the Test::DBIx::Class installed in Ubuntu. :( Rebased again on kohadevbox... Signed-off-by: Jonathan Druart Signed-off-by: Bernardo Gonzalez Kriegel Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi commit 8f12796633e71b9c1e8442cdeba2f7333e71ca52 Author: Mark Tompsett Date: Wed Jun 3 15:25:47 2015 -0400 Bug 14325: Test calls C4::Context::set_userenv This is a case of works by accident. This patch corrects the set_userenv call. TEST PLAN --------- 1) prove t/db_dependent/Borrower_Discharge.t -- works 2) git grep :set_userenv -- only this one file. 3) Confirm the the C4/Context.pm has a set_userenv which shifts the first parameter, as intended for a -> call and not a :: call. 4) apply patch 5) prove t/db_dependent/Borrower_Discharge.t -- still works 6) git grep :set_userenv -- nothing now. 7) run koha qa test tools Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi commit b59b9919777444c45e0b8ec4af5cf61dd3f5fa45 Author: Tomas Cohen Arazi Date: Wed May 27 15:31:58 2015 -0300 Bug 14283: Required Devel::Cover should be Wheezy's There's no special requirement for such a recent version of the Devel::Cover package. We have just deprecated Squeeze, so Wheezy's version should be ok. Signed-off-by: Robin Sheat Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 7 +- C4/Auth_with_shibboleth.pm | 16 +- C4/Context.pm | 5 + C4/Installer/PerlDependencies.pm | 2 +- Koha.pm | 2 +- catalogue/detail.pl | 6 - catalogue/itemsearch.pl | 5 +- debian/control | 2 + .../data/mysql/de-DE/mandatory/sample_notices.sql | 2 +- .../data/mysql/en/mandatory/sample_notices.sql | 2 +- .../data/mysql/es-ES/mandatory/sample_notices.sql | 2 +- .../mysql/fr-FR/1-Obligatoire/sample_notices.sql | 2 +- installer/data/mysql/it-IT/necessari/notices.sql | 2 +- .../mysql/nb-NO/1-Obligatorisk/sample_notices.sql | 2 +- .../data/mysql/pl-PL/mandatory/sample_notices.sql | 2 +- .../data/mysql/ru-RU/mandatory/sample_notices.sql | 2 +- installer/data/mysql/sysprefs.sql | 2 +- .../data/mysql/uk-UA/mandatory/sample_notices.sql | 2 +- installer/data/mysql/updatedatabase.pl | 23 +++ .../en/includes/catalogue/itemsearch_item.csv.inc | 2 +- .../csv_headers/catalogue/itemsearch.tt} | 3 - .../intranet-tmpl/prog/en/js/pages/batchMod.js | 10 +- koha-tmpl/intranet-tmpl/prog/en/js/staff-global.js | 2 +- .../prog/en/modules/admin/preferences/opac.pref | 4 +- .../prog/en/modules/catalogue/detail.tt | 10 +- .../prog/en/modules/catalogue/itemsearch.csv.tt | 2 +- .../prog/en/modules/catalogue/results.tt | 2 +- .../prog/en/modules/circ/circulation.tt | 9 +- .../prog/en/xslt/MARC21slim2intranetDetail.xsl | 147 ++++++++++++++-- .../prog/en/xslt/NORMARCslim2intranetDetail.xsl | 2 +- .../opac-tmpl/bootstrap/en/modules/opac-detail.tt | 10 +- .../bootstrap/en/xslt/MARC21slim2OPACDetail.xsl | 175 +++++++++++++++++--- opac/opac-shareshelf.pl | 3 +- t/Auth_with_shibboleth.t | 30 +++- t/db_dependent/Auth.t | 30 +++- t/db_dependent/Auth_with_cas.t | 2 +- t/db_dependent/Borrower_Discharge.t | 2 +- t/db_dependent/Context.t | 28 +++- virtualshelves/sendshelf.pl | 5 - 39 files changed, 463 insertions(+), 103 deletions(-) copy koha-tmpl/intranet-tmpl/prog/en/{modules/catalogue/itemsearch.csv.tt => includes/csv_headers/catalogue/itemsearch.tt} (59%) create mode 100644 koha-tmpl/intranet-tmpl/prog/en/includes/empty_line.inc hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 4 15:57:27 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 04 Jun 2015 13:57:27 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-85-ge178435 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via e178435ca7d1dc27b71569f0a3606ce86d5e8506 (commit) via 42a5ef16806c906111528b9acb5ceed703722d7c (commit) via 49c364f94b54fa5db5388d2125d1392581108dc9 (commit) via 22c5c4b468b3584ed8bf45039c1494e969f2d66b (commit) via 2fa99fc7a0c5fe107d5e29f7f14af0cf6dc6efba (commit) via 6882949b1b3bd1284e3d2877244a64edee3883ca (commit) from 8e726e3ee1e519d138074a986c27a2c393e23701 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e178435ca7d1dc27b71569f0a3606ce86d5e8506 Author: Tomas Cohen Arazi Date: Thu Jun 4 10:52:39 2015 -0300 Bug 14024: DBRev 3.21.00.005 Signed-off-by: Tomas Cohen Arazi commit 42a5ef16806c906111528b9acb5ceed703722d7c Author: Marc V?ron Date: Thu Apr 23 08:48:15 2015 +0200 Bug 14024 - add reports to action logs See QA comment #5 - new reports log their Id instead of 0 - format info: | Signed-off-by: Nicole Engard Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 49c364f94b54fa5db5388d2125d1392581108dc9 Author: Marc V?ron Date: Mon Apr 20 22:13:04 2015 +0200 Bug 14024 - add reports to action logs This patch sets adds the possibility to log new, update and delete actions for saved reports. To test: -Apply patch -Run updatedatabase.pl -Enable system preference ReportsLog -Create, duplicate, edit and delete saved reports -Go to Home > Tools > Logs -Verify that you can select "Reports" in Modules list -Verify that your actions were logged Signed-off-by: Nicole Engard Signed-off-by: Nicole Engard Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 22c5c4b468b3584ed8bf45039c1494e969f2d66b Author: Marc V?ron Date: Tue Jun 2 09:54:15 2015 +0200 Bug 14313: OPAC - Adding a comment makes result browser disappear To reproduce: - Allow commenting in OPAC (Syspref reviewson) - Log in to OPAC - Do a search with many results - Click on a biblio in result list - Verify that you can browse the results in detail view ("Browse results") - Repeat teh search above - Click on the same biblio as above - Add a comment (Tab "Comments") - Close commenting window - Click on "Next" in result browser Result: The next biblio is displayed, but result browser has disappeared. To test: - Apply patch - Try to reproduce issue above, verify that result browser does no longer disappear AMended to remove whitespace chars. / MV Signed-off-by: Bernardo Gonzalez Kriegel Bug & solution checked, works well. No koha-qa errors Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 2fa99fc7a0c5fe107d5e29f7f14af0cf6dc6efba Author: Jonathan Druart Date: Thu Jun 4 12:05:17 2015 +0200 Bug 13967: Add a couple of tests for SysPref and Object Signed-off-by: Jonathan Druart commit 6882949b1b3bd1284e3d2877244a64edee3883ca Author: Kyle M Hall Date: Wed Apr 8 06:38:34 2015 -0400 Bug 13967 - System preferences need a package System preferences should have a package based on Koha::Object to remove the need for direct manipulation via SQL. Test Plan: 1) Apply this patch 2) prove t/db_dependent/sysprefs.t Signed-off-by: Chris Nighswonger Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 7 +++- C4/Context.pm | 41 +++++++------------- C4/Reports/Guided.pm | 6 ++- Koha.pm | 2 +- Koha/{Borrower.pm => Config/SysPref.pm} | 6 +-- Koha/{Borrowers.pm => Config/SysPrefs.pm} | 10 ++--- Koha/Objects.pm | 2 + installer/data/mysql/sysprefs.sql | 1 + installer/data/mysql/updatedatabase.pl | 10 +++++ .../prog/en/modules/admin/preferences/logs.pref | 6 +++ .../intranet-tmpl/prog/en/modules/tools/viewlog.tt | 3 +- reports/guided_reports.pl | 4 ++ t/db_dependent/Borrowers.t | 5 ++- t/db_dependent/sysprefs.t | 24 +++++++----- 14 files changed, 77 insertions(+), 50 deletions(-) copy Koha/{Borrower.pm => Config/SysPref.pm} (88%) copy Koha/{Borrowers.pm => Config/SysPrefs.pm} (84%) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 4 16:13:45 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 04 Jun 2015 14:13:45 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-89-gd76c9f4 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via d76c9f4850c9ba7605f2c405838f973c70a70b61 (commit) via 3cd086b6b6be08d902a479f302ccf18e55de911b (commit) via f327ebe540103905ccc4d36dcc5275b1b5644be5 (commit) via 5bbea3ea2ca08e7d1b785cdfb90524bb29f553ac (commit) from e178435ca7d1dc27b71569f0a3606ce86d5e8506 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d76c9f4850c9ba7605f2c405838f973c70a70b61 Author: Kyle M Hall Date: Mon May 4 12:50:28 2015 -0400 Bug 14142 - Holds queue viewer only displays first subtitle from marc keyword mappings Despite the point of the Keyword to MARC Mappings being to simplify the handling and display of repeated values from multiple subfields, the holds queue viewer will only display the first value found. What it should be doing instead is displaying all fields that match the subtitle keyword. Test Plan: 1) Apply this patch 2) Define multiple Keyword to MARC mappings for the subtitle keyword 3) Place a hold on a record using those subtitle fields 4) View the hold in the holds queue viewer 5) Note that all the subtitles now appear Signed-off-by:Heather Braum Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 3cd086b6b6be08d902a479f302ccf18e55de911b Author: Dobrica Pavlinusic Date: Tue Mar 10 13:35:03 2015 +0100 Bug 13815 - plack loose CGI qw(-utf8) flag creating incorrect utf-8 encoding everywhere This is major problem for plack installations with utf-8 encoding. In this case, we are overriding CGI->new to setup utf-8 flag and get correctly decoded $cgi->params, and reset syspref cache using C4::Context->clear_syspref_cache Test scenario: 1. under plack try to search with utf-8 charactes 2. try to find patron with utf-8 characters Signed-off-by: Gaetan Boisson Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit f327ebe540103905ccc4d36dcc5275b1b5644be5 Author: Marcel de Rooy Date: Mon May 25 11:32:51 2015 +0200 Bug 14267: How active is active? git grep on function active in additem.tt: koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/additem.tt:function active(n koha-tmpl/intranet-tmpl/prog/en/modules/serials/serial-issues-full.tt:active([% koha-tmpl/intranet-tmpl/prog/en/modules/serials/serial-issues-full.tt:function a koha-tmpl/intranet-tmpl/prog/en/modules/serials/serial-issues-full.tt: t/Cache.t: unless ( $cache->is_cache_active() && defined $cache ); t/Cache.t: unless ( $cache->is_cache_active() ); Conclusion: active in additem seems to be quite inactive. Test plan: Add, edit or delete items and verify that you did not miss active :) NOTE: The active function has a loop which is always run. Inside that loop 'ong' would always be defined as some number concatenated with XX. Both sides of the if/else reference document.getElementById(ong), but there is only one occurence of XX in the file: the concatenation! Similarly, the 'link' logic does not correspond to any of the id= or name= strings in the file. koha-tmpl/intranet-tmpl/prog/en/modules/admin/marc_subfields_structure.tt is the only file with "id=\"link" that matches the logic. This is likely a cut-and-paste remnant made useless by datatable upgrades and HTML/CSS class changes. Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 5bbea3ea2ca08e7d1b785cdfb90524bb29f553ac Author: Katrin Fischer Date: Mon May 25 12:13:08 2015 +0200 Bug 14269: OPAC: Some template improvements for the full serial history page - Fix filter labels: Library : -> Library: Subscription : -> Subscription: - Make '(All)' entry in filter pull downs translatable - Show branch name instead of branchcode in table and filter To test: - Verify changes as described above - Verify filters still work as expected Followed test plan. Works as expected. Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/HoldsQueue.pm | 2 +- .../prog/en/modules/cataloguing/additem.tt | 16 ---------------- .../prog/en/modules/circ/view_holdsqueue.tt | 2 +- .../bootstrap/en/modules/opac-full-serial-issues.tt | 15 ++++++++------- misc/plack/koha.psgi | 12 ++++++++++++ 5 files changed, 22 insertions(+), 25 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 4 20:16:50 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 04 Jun 2015 18:16:50 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-91-gfed5e7b Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via fed5e7b6bb1be35b2bd8e0177cba96292cdba8ee (commit) via 2e11350fe378daa6f90f1750422f081538e15138 (commit) from d76c9f4850c9ba7605f2c405838f973c70a70b61 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit fed5e7b6bb1be35b2bd8e0177cba96292cdba8ee Author: Tomas Cohen Arazi Date: Thu Jun 4 15:15:32 2015 -0300 Bug 13967: (RM followup) fix merge error When I merged 13967 into master (with 5010 already on it) I inadvertedly removed a few lines that add a check for bad OPACBaseURL values. While I don't agree with that check it should be discussed on a separate bug anyway. Signed-off-by: Tomas Cohen Arazi commit 2e11350fe378daa6f90f1750422f081538e15138 Author: Tomas Cohen Arazi Date: Thu Jun 4 15:12:45 2015 -0300 Bug 13967: (QA followup) Make DBIx control transactions on tests Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Context.pm | 5 +++++ t/db_dependent/Acquisition.t | 8 ++++++-- t/db_dependent/Acquisition/CancelReceipt.t | 6 ++++-- t/db_dependent/Acquisition/GetBasketsInfosByBookseller.t | 8 +++++--- t/db_dependent/Acquisition/GetOrdersByBiblionumber.t | 7 ++++--- t/db_dependent/Acquisition/Invoices.t | 6 ++++-- t/db_dependent/Acquisition/NewOrder.t | 6 +++++- t/db_dependent/Acquisition/OrderFromSubscription.t | 6 ++++-- t/db_dependent/Acquisition/OrderUsers.t | 7 +++++-- t/db_dependent/Acquisition/TransferOrder.t | 7 +++++-- t/db_dependent/Acquisition/close_reopen_basket.t | 8 +++++--- 11 files changed, 52 insertions(+), 22 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Fri Jun 5 18:00:21 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Fri, 05 Jun 2015 16:00:21 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-98-g83c6817 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 83c6817a86de68fb08cb73aef3b8b46d12587116 (commit) via 7928cdfbd405de9d4a8fffc535d3dcbd9a95226c (commit) via 2e23236c9f29cd59d9dc9d9df7ab6da49f256699 (commit) via ab0a0af1cbb16b1b4578ea565ed67aae57915a2a (commit) via c2650e20f9cc5c9e17eea199d19022a144c6e9c8 (commit) via e6040977409ffe4dc6a23f6d76c3bd1f528837d0 (commit) via 8e9f89e92b48f1aac786e9b5608338a14603f52f (commit) from fed5e7b6bb1be35b2bd8e0177cba96292cdba8ee (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 83c6817a86de68fb08cb73aef3b8b46d12587116 Author: Marcel de Rooy Date: Tue May 26 14:52:07 2015 +0200 Bug 14276: Keep highlight on the active item in item editor The highlight only works on even items. This patch should resolve it. Test plan: Edit biblio with multiple items. Verify that the highlight is visible on the selected item you edit. And that there is no highlight for a new item. Signed-off-by: Jonathan Druart Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 7928cdfbd405de9d4a8fffc535d3dcbd9a95226c Author: Bernardo Gonzalez Kriegel Date: Mon Jun 1 15:34:00 2015 -0300 Bug 14173: Paging on 'recent comments' page in OPAC is not displaying correctly This patch corrects the display of current page on a multipage recent comments. To test: 1) Enable OpacShowRecentComments 2) Add multiple comments to multiple records I used a script to add multiple lines like "insert into reviews values ($i, 51, $i, 'Comment $i', 1, '2015-06-01 00:00:00')" to table reviews 3) On OPAC, go to 'Recent comments', verify the bug 4) Apply the patch 5) Reload and check correct display Can't found missing space near 'by' from description. Display is correct for me. Followed test plan, displays as expected. Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 2e23236c9f29cd59d9dc9d9df7ab6da49f256699 Author: David Cook Date: Thu Sep 5 15:21:51 2013 +1000 Bug 10824: OAI-PMH repository/server not handling time in 'until' and 'from' This patch removes the DATE() function from a query on timestamp, and adds a sub that strips the UTC designators "T" and "Z" from incoming "from" and "until" arguments in OAI-PMH requests so that they're more compliant with MySQL (and probably other databases as well). This means that the date and time for the 'from' and 'until' arguments will be matched correctly in the database. This patch also adds 'T00:00:00Z' to 'from' arguments and 'T23:59:59Z' to until arguments, when only dates are provided via the OAI parameters. The zero time isn't necessary, since MySQL treats '2013-09-30' as '2013-09-30 00:00:00' by default. However, the near midnight time is needed for 'until'. Otherwise, you'll never be able to retrieve a record with a date/time matching the 'until' argument. In summary, this patch adds handling for times as well as dates, which is necessary so that Koha is closer to meeting the actual OAI-PMH spec. TEST PLAN: 0) Note down a selection of timestamps from your biblio table 1) Enable your OAI-PMH server through the global system preferences Web services tab. 2) Craft and submit a similar request to the following in your browser: KOHAINSTANCE/cgi-bin/koha/oai.pl?verb=ListRecords&metadataPrefix=oai_dc& from=2013-09-02T13:44:33Z&until=2013-09-05T13:44:33Z Change the exact dates to accord with your timestamps, but keep the YYYY-MM-DDTHH:MM:SSZ format. 3) Note the unexpected behaviour. A "from" argument with the timestamp 2013-09-02T13:44:33Z will show records from 2013-09-03 but not records from 2013-09-02 even though the timestamp in the database will say "2013-09-02 13:44:33". Also note that records with a timestamp later than 13:44:33 will show up for the day 2013-09-05, even though they shouldn't. 4) APPLY THE PATCH 5) Resubmit the links you tried above 6) Note that the applicable records now appear (or do not appear) in accordance with the precise date/time ranges! -- Developer Note: We could've not stripped the UTC designators and used DATE() around the parameters in the SQL queries, but that would have lost the whole purpose of using times in the "from" arguments, since they would've been generalized to just the dates. I think this is probably the best solution. Admittedly, creating "form_arg" and "until_arg" hashrefs in the ResumptionToken object might not be ideal, but I preferred that to copying the _strip_UTC_designator subroutine into two other objects. Perhaps this sub could go somewhere else and be imported into those other two objects but this seemed to be the most sensible decision. I'm open to other opinions though. Signed-off-by: Bernardo Gonzalez Kriegel Works, find results with correct timestamp No koha-qa errors Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit ab0a0af1cbb16b1b4578ea565ed67aae57915a2a Author: Katrin Fischer Date: Mon May 25 09:21:53 2015 +0200 Bug 13619: Acq home: ensure 'manage suggestions' goes to pending suggestions The link on the start page of Koha goes to the pending suggestions tab explicitly. The link on the acquisition start page doesn't do that so when you have your own status it might show another tab first. Patch links to be the same and explicitly target the pending tab. To test: - create a new suggestion - verify link from the acq start page leads to the pending tab - verify link from the Koha start page does the same Signed-off-by: Marjorie Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit c2650e20f9cc5c9e17eea199d19022a144c6e9c8 Author: Josef Moravec Date: Fri May 15 11:03:21 2015 +0200 Bug 13656: "Change"/"Set to patron" button for linking a member to an organisation (or child to guarantor) not translatable Test plan: 1. install and activate an additional language 2. create patron in organization category 3. create professional patron 4. try to add this patron to an organization (Guarantor information section) 5. note that the left button text changed to "Change" - untranslated english string 6. push the "Delete" button, the guarantor patron field is cleared and the left button text changed to "Set to patron" - again original english text 7. apply the patch 7.1. update translation (koha-translate -u language_code) 8. repeat 4-6, note, that button text are still translated in all sitations 9. sign off ;) Signed-off-by: Bernardo Gonzalez Kriegel Work as described, no errors Fixed message capitalization Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit e6040977409ffe4dc6a23f6d76c3bd1f528837d0 Author: Jonathan Druart Date: Tue Feb 3 13:25:47 2015 +0100 Bug 13662: Fix the serials.receive_serials permissions There are some issues with serial permissions. For instance it's not possible to receive serials if the edit_subscription is not set. Also the toolbar is empty. Test plan: 1/ Set the serials => receive_serials permissions to a patron (and only this one for the serials module). 2/ Verify you cannot create a new subscription, you can search subscriptions but cannot edit them. 3/ On the serial result list, receive a serial (action > Serial receive). You can now change the status and receive it. 4/ On the serial collection, you can edit 1+ serials to reveice it. 5/ Set the serials => edit_subscription permission and confirm there is no regression. QA note: I think we should introduce a C4::Serials::can_receive_serials subroutine, to test the IndependentBranches pref, but I don't want to add to much processing to check permissions. Signed-off-by: Paola Rossi Signed-off-by: Brendan Gallagher Signed-off-by: Tomas Cohen Arazi commit 8e9f89e92b48f1aac786e9b5608338a14603f52f Author: Kyle M Hall Date: Fri May 29 09:36:34 2015 -0400 Bug 14299: Today's checkouts not always sorting correctly Sometimes the today's checkouts do not sort correctly. This is due to a simple typo in the comparison line where the bad key 'timstamp' is compared against the correct key 'timestamp'. Test Plan: 1) Check out a decent number of items in a row ( 5+ ) 2) Hopefully you will see they are sorted incorrectly 3) Apply this patch 4) Reload the page 5) Note they are now sorted correctly Followed test plan. Works as expected. Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: .../prog/en/includes/serials-toolbar.inc | 95 ++++++++++---------- .../prog/en/modules/acqui/acqui-home.tt | 2 +- .../prog/en/modules/cataloguing/additem.tt | 11 +-- .../prog/en/modules/members/memberentrygen.tt | 4 +- .../prog/en/modules/serials/serials-collection.tt | 2 +- .../bootstrap/en/modules/opac-showreviews.tt | 2 +- opac/oai.pl | 20 ++++- serials/serials-edit.pl | 1 + svc/checkouts | 2 +- 9 files changed, 73 insertions(+), 66 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Fri Jun 5 21:10:48 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Fri, 05 Jun 2015 19:10:48 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-103-g5a02cf9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 5a02cf9b48685d3b71397f86a862b2d7535a68b6 (commit) via 5b554d1a86291b77f8ab161b8ae01fe1e806aff1 (commit) via 25caeacaed3aff67dad4df694b92dfe2b0546034 (commit) via 5cb9913ee32de831951accf27840d8126c79b1d9 (commit) via baea0a79d5d4dbe46eb052d7e52f5dcf7b5242bc (commit) from 83c6817a86de68fb08cb73aef3b8b46d12587116 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 5a02cf9b48685d3b71397f86a862b2d7535a68b6 Author: Jonathan Druart Date: Tue Apr 21 16:24:15 2015 +0200 Bug 10938: Item columns displayed in random order - OPAC Same as before for the OPAC. Signed-off-by: Bernardo Gonzalez Kriegel Good result, no errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 5b554d1a86291b77f8ab161b8ae01fe1e806aff1 Author: Jonathan Druart Date: Tue Apr 21 16:02:01 2015 +0200 Bug 10938: Item columns displayed in random order On the MARC detail page, the columns are displayed in a random order. This means that you can open 2 different records and see the columns displayed in a different order. Test plan: Go on different MARC detail view and confirm that 1/ all fields are present and 2/ they always are displayed in the same order Signed-off-by: Bernardo Gonzalez Kriegel 1/ & 2/ correct No errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 25caeacaed3aff67dad4df694b92dfe2b0546034 Author: Tomas Cohen Arazi Date: Fri Jun 5 13:50:14 2015 -0300 Bug 7976: DBRev 3.21.00.006 Signed-off-by: Tomas Cohen Arazi commit 5cb9913ee32de831951accf27840d8126c79b1d9 Author: Jonathan Druart Date: Thu Apr 16 09:46:26 2015 +0200 Bug 7976: Update borrowers.flags The borrowers.flags values need to be updated to prevent side effects. Test plan: Set the borrow permission flags for some borrowers Execute the updatedb entry and verify the flags has been updated (-128) only for borrowers with this permission set. Signed-off-by: Bernardo Gonzalez Kriegel Moved updatedatabase entry (was in wrong position) to atomicupdate with commented copy of orignal No koha-qa errors Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit baea0a79d5d4dbe46eb052d7e52f5dcf7b5242bc Author: Jonathan Druart Date: Mon Mar 30 18:18:16 2015 +0200 Bug 7976: Remove the borrow permission The borrow permission was used but uselessly. For instance, at the opac, the flagsrequired parameter was set to 'borrow' but the 'authnotrequired' was set also (which means no auth required). At the end, this permission was used at only 1 place: for the basket, intranet side. This can be replaced with the catalogue permission (which is used to search). Test plan: 1/ Confirm that you are able to show/download/sent the cart (intranet side) with the catalogue permission. 2/ At the OPAC, you should be able to access the same pages as before with any other permissions. Concretely it is quite difficult to test this patch, you should have a look at the code. Signed-off-by: Nick Clemens Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 5 +- C4/InstallAuth.pm | 31 +++++----- Koha.pm | 2 +- basket/basket.pl | 2 +- basket/downloadcart.pl | 2 +- basket/sendbasket.pl | 2 +- catalogue/MARCdetail.pl | 54 ++++++----------- installer/data/mysql/de-DE/mandatory/userflags.sql | 1 - installer/data/mysql/en/mandatory/userflags.sql | 1 - installer/data/mysql/es-ES/mandatory/userflags.sql | 1 - .../data/mysql/fr-FR/1-Obligatoire/userflags.sql | 1 - installer/data/mysql/it-IT/necessari/userflags.sql | 1 - .../data/mysql/nb-NO/1-Obligatorisk/userflags.sql | 1 - installer/data/mysql/pl-PL/mandatory/userflags.sql | 1 - .../ru-RU/mandatory/permissions_and_user_flags.sql | 1 - .../uk-UA/mandatory/permissions_and_user_flags.sql | 1 - installer/data/mysql/updatedatabase.pl | 17 ++++++ .../prog/en/modules/catalogue/MARCdetail.tt | 12 ++-- .../bootstrap/en/modules/opac-MARCdetail.tt | 12 ++-- opac/opac-MARCdetail.pl | 64 ++++++++------------ opac/opac-account.pl | 1 - opac/opac-basket.pl | 1 - opac/opac-detail.pl | 1 - opac/opac-downloadcart.pl | 3 +- opac/opac-downloadshelf.pl | 3 +- opac/opac-ics.pl | 1 - opac/opac-imageviewer.pl | 1 - opac/opac-main.pl | 1 - opac/opac-messaging.pl | 1 - opac/opac-modrequest-suspend.pl | 1 - opac/opac-modrequest.pl | 1 - opac/opac-mymessages.pl | 1 - opac/opac-passwd.pl | 1 - opac/opac-privacy.pl | 1 - opac/opac-readingrecord.pl | 1 - opac/opac-renew.pl | 1 - opac/opac-reserve.pl | 1 - opac/opac-sendbasket.pl | 2 - opac/opac-sendshelf.pl | 2 - opac/opac-user.pl | 1 - opac/svc/shelfbrowser.pl | 1 - 41 files changed, 97 insertions(+), 142 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Sun Jun 7 09:48:27 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Sun, 07 Jun 2015 07:48:27 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-29-g1b56130 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 1b56130e80751bb245757af3698c41aefc87bf88 (commit) via bb7148291717ae55a533c87b13960ac0327b75de (commit) via db5964b1501c3bc351b0b77585f73fd22a36c8dd (commit) via fc5cc2353cf707a38d84b50e2a196d4615fcaac5 (commit) from 77c9563f1ed1c89266f4308cff165a78782289f6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1b56130e80751bb245757af3698c41aefc87bf88 Author: Chris Cormack Date: Sun Jun 7 19:49:46 2015 +1200 Bug 5010 : Updating database to 3.20.00.002 commit bb7148291717ae55a533c87b13960ac0327b75de Author: Jonathan Druart Date: Wed Apr 29 12:59:23 2015 +0200 Bug 5010: Fix - replace tab with spaces Signed-off-by: Jonathan Druart Signed-off-by: Bernardo Gonzalez Kriegel No errors. Tested what I can, not plack/shibboleth/cas Perhaps this can pass and we can fix any problem later (for 3.22) Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 3b4c4a486133882d435369c264dc7b74b5e769f6) Signed-off-by: Chris Cormack commit db5964b1501c3bc351b0b77585f73fd22a36c8dd Author: Mark Tompsett Date: Wed Feb 11 15:26:13 2015 +0000 Bug 5010: Fix OPACBaseURL to include protocol First, it is strongly recommended to set the OPACBaseURL. But this patch allows the inclusion of the protocol and not just a site. Next, C4/Auth now puts OPACBaseURL into the template parameters regardless of OPAC or Staff clients. t/db_dependent/Auth.t was tweaked to add a check for confirming that get_template_and_user adds OPACBaseURL to both OPAC and Staff templates. In the staff client, once the OPACBaseURL is set, you get a nice OPAC View link when viewing a biblio's detail. It should reflect the protocol used now. Hard coded 'http://' strings were removed from the sample_notices.sql files. This is what required also updating the letters table in the updatedatabase.pl script. The explanation text in the sysprefs.sql needed updating too to reflect the inclusion of the protocol. And this was the other update done in the updatedatabase.pl script. The opac.pref file was similarly changed as well. catalogue/detail.pl had no need to pass a custom OpacUrl value, since C4/Auth passes the required OPACBaseURL, so it and the corresponding template were modified. Both the MARC21 and NORMARC intranet details files had 'http://' hard coded in them. This was removed. Both the bootstrap and prog theme opac-detail template had a protocol parameter that was used. The logic for the parameter was not removed, because it is used extensively in one template. Perhaps it should be used to simplify the other. However, the calculated current_url parameter had references to the protocol removed, because of the changes to OPACBaseURL. opac/opac-shareshelf.pl had a hard coded 'http://' which was removed. t/db_dependent/Auth_with_cas.t had 'http://' added to the value set for OPACBaseURL. In virtualshelves/sendshelf.pl explicit code which sent the OPACBaseURL preference was removed, since C4/Auth sends it all the time now. C4::Context::set_preference was tweaked to ensure that OPACBaseURL would always start with http. t/db_dependent/Context.t was tweaked to specifically test this. The Shibboleth authentication needs OPACBaseURL set, and that it be https protocol. The _get_uri routine was tweaked to always pass back https:// as the protocol on the OPACBaseURL. t/Auth_with_shibboleth.t was tweaked to specifically test the changes. TEST PLAN --------- This is not an easy patch to test. Difficulties include: - configuring Koha to run under https (tweaking apache2 isn't so hard, just tricky) - configuring Koha to run OPAC and Staff with Plak (since code with comments about plak were sliced out) - configuring Koha to use CAS (may be requires for the CAS test) 1) Apply patch 2) Make sure OPACBaseURL is set without the protocol included. UPDATEDATABASE 3) back up your DB 4) ./installer/data/mysql/updatedatabase.pl -- It should run without errors. 5) Look up the OPACBaseURL system preference in the staff client -- It should have http:// prepended. 6) Run the mysqlclient from your koha git directory USE koha_library; SELECT content FROM letter WHERE content LIKE "%<>%"; -- There should be no prepended http:// on the <>. 7) restore your DB 8) Make sure OPACBaseURL is set with the protocol included, preferably https. -- Using https requires a bunch of apache2 tweaks. AUTH 9) Call up staff client. 10) Call up OPAC. -- C4/Auth.pm doesn't barf. 11) Call up Plack staff client 12) Call up Plack OPAC. -- C4/Auth.pm doesn't barf. 13) prove -v t/db_dependent/Auth.t CONTEXT 14) Home -> Koha administration -> Global System Preferences -> OPAC 15) Modify and save OPACBaseURL to not have http:// or https:// on it. -- It should be modified to include http:// 16) Modify and save another system preference. -- It should save normally 17) prove -v t/db_dependent/Context.t CATALOGUE/DETAIL (tt & pl) 18) Confirm the OPACBaseURL is set 19) Navigate to any biblio details in the staff client -- There should be a "OPAC view" link which has the correct http:// or https:// in it. SQL (sample notices and sysprefs) 20) Run the mysqlclient from your koha git directory USE koha_library; DELETE FROM letter; source installer/data/mysql/de-DE/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/en/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/nb-NO/1-Obligatorisk/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/es-ES/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/fr-FR/1-Obligatoire/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/it-IT/necessari/notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/pl-PL/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/ru-RU/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; DELETE FROM letter; source installer/data/mysql/uk-UA/mandatory/sample_notices.sql; SELECT content FROM letter WHERE content LIKE "%<>%"; -- Each of the selects should should lines that have <> starting them, but no hard-coded http:// DELETE FROM systempreferences; source installer/data/mysql/sysprefs.sql; SELECT * FROM systempreferences WHERE variable='OPACBaseURL'; -- The explanation should reflect the new explanation. QUIT 21) restore your DB 22) Make sure OPACBaseURL is set with the protocol included, preferably https. -- Using https requires a bunch of apache2 tweaks. SLIM2INTRANETDETAIL 23) Set 'XSLTDetailsDisplay' system preference to default. 24) Set 'marcflavour' system preference to MARC21. 25) View any biblio's details. -- the URL beside 'OPAC View' should have the appropriate http:// or https:// 26) Set 'marcflavour' system preference to NORMARC. 27) View any biblio's details. -- the URL beside 'OPAC View' should have the appropriate http:// or https:// OPAC-DETAIL 28) Set 'opacthemes' to bootstrap. 29) Set 'SocialNetworks' to enabled. 30) In OPAC, view any biblio's details. -- the Share links should have the appropriate protocol on the OPACBaseURL. 31) Set 'opacthemes' to prog. 32) In OPAC, view any biblio's details. -- the Share links should have the appropriate protocol on the OPACBaseURL. AUTH_WITH_CAS 33) prove -v t/db_dependent/Auth_with_cas.t OPAC-SHARESHELF 34) Set 'OpacAllowSharingPrivateLists' to allow. 35) In OPAC, 'Save to Lists' a search result. 36) Save it to a new private list. 37) Click the Lists button, and select the new list. 38) Click the Share button. AUTH_WITH_SHIBBOLETH 39) prove -v t/Auth_with_shibboleth.t -- needs to be tests on Debian, because I can't get the Test::DBIx::Class installed in Ubuntu. :( Rebased again on kohadevbox... Signed-off-by: Jonathan Druart Signed-off-by: Bernardo Gonzalez Kriegel Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 1651cf70d10101739e3a7ff943fb709cedf6dccf) Signed-off-by: Chris Cormack commit fc5cc2353cf707a38d84b50e2a196d4615fcaac5 Author: Mark Tompsett Date: Wed Jun 3 15:25:47 2015 -0400 Bug 14325: Test calls C4::Context::set_userenv This is a case of works by accident. This patch corrects the set_userenv call. TEST PLAN --------- 1) prove t/db_dependent/Borrower_Discharge.t -- works 2) git grep :set_userenv -- only this one file. 3) Confirm the the C4/Context.pm has a set_userenv which shifts the first parameter, as intended for a -> call and not a :: call. 4) apply patch 5) prove t/db_dependent/Borrower_Discharge.t -- still works 6) git grep :set_userenv -- nothing now. 7) run koha qa test tools Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 8f12796633e71b9c1e8442cdeba2f7333e71ca52) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 7 +---- C4/Auth_with_shibboleth.pm | 16 ++++++++++- C4/Context.pm | 5 ++++ Koha.pm | 2 +- catalogue/detail.pl | 6 ---- .../data/mysql/de-DE/mandatory/sample_notices.sql | 2 +- .../data/mysql/en/mandatory/sample_notices.sql | 2 +- .../data/mysql/es-ES/mandatory/sample_notices.sql | 2 +- .../mysql/fr-FR/1-Obligatoire/sample_notices.sql | 2 +- installer/data/mysql/it-IT/necessari/notices.sql | 2 +- .../mysql/nb-NO/1-Obligatorisk/sample_notices.sql | 2 +- .../data/mysql/pl-PL/mandatory/sample_notices.sql | 2 +- .../data/mysql/ru-RU/mandatory/sample_notices.sql | 2 +- installer/data/mysql/sysprefs.sql | 2 +- .../data/mysql/uk-UA/mandatory/sample_notices.sql | 2 +- installer/data/mysql/updatedatabase.pl | 23 +++++++++++++++ .../prog/en/modules/admin/preferences/opac.pref | 4 +-- .../prog/en/modules/catalogue/detail.tt | 10 +++---- .../prog/en/xslt/MARC21slim2intranetDetail.xsl | 2 +- .../prog/en/xslt/NORMARCslim2intranetDetail.xsl | 2 +- .../opac-tmpl/bootstrap/en/modules/opac-detail.tt | 10 +++---- opac/opac-shareshelf.pl | 3 +- t/Auth_with_shibboleth.t | 26 +++++++++++++++-- t/db_dependent/Auth.t | 30 +++++++++++++++++++- t/db_dependent/Auth_with_cas.t | 2 +- t/db_dependent/Borrower_Discharge.t | 2 +- t/db_dependent/Context.t | 28 +++++++++++++++++- virtualshelves/sendshelf.pl | 5 ---- 28 files changed, 152 insertions(+), 51 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Sun Jun 7 09:59:28 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Sun, 07 Jun 2015 07:59:28 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-32-g7fd329a Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 7fd329a520e6123ff61a74efd675370d7877b24e (commit) via ac78b4aa3f4cb38cbf524f74b5a8a12857e67ee8 (commit) via 433441685b68effebdba5876103c3a08cf62f6ee (commit) from 1b56130e80751bb245757af3698c41aefc87bf88 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7fd329a520e6123ff61a74efd675370d7877b24e Author: Jonathan Druart Date: Sun May 24 18:00:57 2015 +0200 Bug 14263: Fix export of item search results when translated This csv does not use the correct way to display headers. They should be put in a separate file to get a correct display. Without this patch, the first line of the generated file contains the headers + data Test plan: 1/ choose a language and update + translate the templates for instance: cd misc/translate; ./translate update es-ES; ./translate install es-ES 2/ Go to the item search form using this language 3/ Launch a search and select CSV to display the results. The CSV headers should be correct Signed-off-by: Frederic Demians Seen the bug. Works as described. Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit ece2b02a57fdb692c02f00540df436af1f5ba971) Signed-off-by: Chris Cormack commit ac78b4aa3f4cb38cbf524f74b5a8a12857e67ee8 Author: Jonathan Druart Date: Tue Apr 28 12:52:36 2015 +0200 Bug 12320: Remove deprecated construct to delete cookie showColumns $.cookie('foo', null); is deprecated and should be replaced with $.removeCookie('foo'); This patch replaces the occurrences for the "showColumns" cookie. Before this patch, there was a bug on the batchmod tools. To reproduce the issue: 1/ Go on the Batch item modification tool 2/ Fill the textarea with barcodes and submit 3/ Click on some column names (to create the cookie) 4/ Click on 'Show all columns" (to set the cookie to null) 5/ Don't submit and repeat steps 1 & 2 6/ You should see a js error: Error: Syntax error, unrecognized expression: :nth-child ...break;q=a}return s},m.error=function(a){throw new Error("Syntax error, unrecogni... Test plan: Confirm the issue has gone away and there is no regression on the column selection Signed-off-by: Bernardo Gonzalez Kriegel No js error, no regressions, no errors Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 0fa0297d7da7af6a9f4cd82b34ac86018391289f) Signed-off-by: Chris Cormack commit 433441685b68effebdba5876103c3a08cf62f6ee Author: Jonathan Druart Date: Tue Apr 28 12:52:00 2015 +0200 Bug 12320: Remove deprecated construct to delete cookie holdfor $.cookie('foo', null); is deprecated and should be replaced with $.removeCookie('foo'); This patch replaces the occurrences for the "holdfor" cookie. Test plan: 1/ Search for a patron 2/ On the patron detail page, click on "search to hold" 3/ Search for records 4/ On the results page, click on "Place hold" > "Forget PATRON" 5/ Reload the page. 6/ The "Place hold" button should not contain the patron anymore Signed-off-by: Bernardo Gonzalez Kriegel Works as described, no errors Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 04f5e7d4e7db833c18afe27a4dc4fd5b66b41099) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: catalogue/itemsearch.pl | 5 ++++- .../prog/en/includes/catalogue/itemsearch_item.csv.inc | 2 +- .../csv_headers/catalogue/itemsearch.tt} | 3 --- koha-tmpl/intranet-tmpl/prog/en/js/pages/batchMod.js | 10 +++++----- koha-tmpl/intranet-tmpl/prog/en/js/staff-global.js | 2 +- .../prog/en/modules/catalogue/itemsearch.csv.tt | 2 +- koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/results.tt | 2 +- koha-tmpl/intranet-tmpl/prog/en/modules/circ/circulation.tt | 9 ++++++++- 8 files changed, 21 insertions(+), 14 deletions(-) copy koha-tmpl/intranet-tmpl/prog/en/{modules/catalogue/itemsearch.csv.tt => includes/csv_headers/catalogue/itemsearch.tt} (59%) create mode 100644 koha-tmpl/intranet-tmpl/prog/en/includes/empty_line.inc hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Sun Jun 7 10:14:03 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Sun, 07 Jun 2015 08:14:03 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-35-g630faec Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 630faec194d5341f33e95704163d8022d5fe1519 (commit) via b2689594e36ef9d17b6efe1070ed5960f96dc479 (commit) via 740ba172eb96c4dbfc5ec4c553d04c43f9c5136f (commit) from 7fd329a520e6123ff61a74efd675370d7877b24e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 630faec194d5341f33e95704163d8022d5fe1519 Author: Marcel de Rooy Date: Mon May 25 11:32:51 2015 +0200 Bug 14267: How active is active? git grep on function active in additem.tt: koha-tmpl/intranet-tmpl/prog/en/modules/cataloguing/additem.tt:function active(n koha-tmpl/intranet-tmpl/prog/en/modules/serials/serial-issues-full.tt:active([% koha-tmpl/intranet-tmpl/prog/en/modules/serials/serial-issues-full.tt:function a koha-tmpl/intranet-tmpl/prog/en/modules/serials/serial-issues-full.tt: t/Cache.t: unless ( $cache->is_cache_active() && defined $cache ); t/Cache.t: unless ( $cache->is_cache_active() ); Conclusion: active in additem seems to be quite inactive. Test plan: Add, edit or delete items and verify that you did not miss active :) NOTE: The active function has a loop which is always run. Inside that loop 'ong' would always be defined as some number concatenated with XX. Both sides of the if/else reference document.getElementById(ong), but there is only one occurence of XX in the file: the concatenation! Similarly, the 'link' logic does not correspond to any of the id= or name= strings in the file. koha-tmpl/intranet-tmpl/prog/en/modules/admin/marc_subfields_structure.tt is the only file with "id=\"link" that matches the logic. This is likely a cut-and-paste remnant made useless by datatable upgrades and HTML/CSS class changes. Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit f327ebe540103905ccc4d36dcc5275b1b5644be5) Signed-off-by: Chris Cormack commit b2689594e36ef9d17b6efe1070ed5960f96dc479 Author: Katrin Fischer Date: Mon May 25 12:13:08 2015 +0200 Bug 14269: OPAC: Some template improvements for the full serial history page - Fix filter labels: Library : -> Library: Subscription : -> Subscription: - Make '(All)' entry in filter pull downs translatable - Show branch name instead of branchcode in table and filter To test: - Verify changes as described above - Verify filters still work as expected Followed test plan. Works as expected. Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 5bbea3ea2ca08e7d1b785cdfb90524bb29f553ac) Signed-off-by: Chris Cormack commit 740ba172eb96c4dbfc5ec4c553d04c43f9c5136f Author: Marc V?ron Date: Tue Jun 2 09:54:15 2015 +0200 Bug 14313: OPAC - Adding a comment makes result browser disappear To reproduce: - Allow commenting in OPAC (Syspref reviewson) - Log in to OPAC - Do a search with many results - Click on a biblio in result list - Verify that you can browse the results in detail view ("Browse results") - Repeat teh search above - Click on the same biblio as above - Add a comment (Tab "Comments") - Close commenting window - Click on "Next" in result browser Result: The next biblio is displayed, but result browser has disappeared. To test: - Apply patch - Try to reproduce issue above, verify that result browser does no longer disappear AMended to remove whitespace chars. / MV Signed-off-by: Bernardo Gonzalez Kriegel Bug & solution checked, works well. No koha-qa errors Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 22c5c4b468b3584ed8bf45039c1494e969f2d66b) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 7 +++++-- .../prog/en/modules/cataloguing/additem.tt | 16 ---------------- .../bootstrap/en/modules/opac-full-serial-issues.tt | 15 ++++++++------- 3 files changed, 13 insertions(+), 25 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Sun Jun 7 10:31:19 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Sun, 07 Jun 2015 08:31:19 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-40-g67b637e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 67b637e3dee5b1b7d5725970226ef1ee2acb80c6 (commit) via 10163e5802732c76456952469a5512ac7bc19bff (commit) via 6fc0922f41a5f5ce32ae32f803c6e6bfc4843ad8 (commit) via d3cdaea1ecf97f6449be1eb3bdab36115b301d7f (commit) via fefb788ff96558f8262d5c5138031f10506f6838 (commit) from 630faec194d5341f33e95704163d8022d5fe1519 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 67b637e3dee5b1b7d5725970226ef1ee2acb80c6 Author: Josef Moravec Date: Fri May 15 11:03:21 2015 +0200 Bug 13656: "Change"/"Set to patron" button for linking a member to an organisation (or child to guarantor) not translatable Test plan: 1. install and activate an additional language 2. create patron in organization category 3. create professional patron 4. try to add this patron to an organization (Guarantor information section) 5. note that the left button text changed to "Change" - untranslated english string 6. push the "Delete" button, the guarantor patron field is cleared and the left button text changed to "Set to patron" - again original english text 7. apply the patch 7.1. update translation (koha-translate -u language_code) 8. repeat 4-6, note, that button text are still translated in all sitations 9. sign off ;) Signed-off-by: Bernardo Gonzalez Kriegel Work as described, no errors Fixed message capitalization Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit c2650e20f9cc5c9e17eea199d19022a144c6e9c8) Signed-off-by: Chris Cormack commit 10163e5802732c76456952469a5512ac7bc19bff Author: Jonathan Druart Date: Tue Feb 3 13:25:47 2015 +0100 Bug 13662: Fix the serials.receive_serials permissions There are some issues with serial permissions. For instance it's not possible to receive serials if the edit_subscription is not set. Also the toolbar is empty. Test plan: 1/ Set the serials => receive_serials permissions to a patron (and only this one for the serials module). 2/ Verify you cannot create a new subscription, you can search subscriptions but cannot edit them. 3/ On the serial result list, receive a serial (action > Serial receive). You can now change the status and receive it. 4/ On the serial collection, you can edit 1+ serials to reveice it. 5/ Set the serials => edit_subscription permission and confirm there is no regression. QA note: I think we should introduce a C4::Serials::can_receive_serials subroutine, to test the IndependentBranches pref, but I don't want to add to much processing to check permissions. Signed-off-by: Paola Rossi Signed-off-by: Brendan Gallagher Signed-off-by: Tomas Cohen Arazi (cherry picked from commit e6040977409ffe4dc6a23f6d76c3bd1f528837d0) Signed-off-by: Chris Cormack commit 6fc0922f41a5f5ce32ae32f803c6e6bfc4843ad8 Author: Kyle M Hall Date: Fri May 29 09:36:34 2015 -0400 Bug 14299: Today's checkouts not always sorting correctly Sometimes the today's checkouts do not sort correctly. This is due to a simple typo in the comparison line where the bad key 'timstamp' is compared against the correct key 'timestamp'. Test Plan: 1) Check out a decent number of items in a row ( 5+ ) 2) Hopefully you will see they are sorted incorrectly 3) Apply this patch 4) Reload the page 5) Note they are now sorted correctly Followed test plan. Works as expected. Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 8e9f89e92b48f1aac786e9b5608338a14603f52f) Signed-off-by: Chris Cormack commit d3cdaea1ecf97f6449be1eb3bdab36115b301d7f Author: Kyle M Hall Date: Mon May 4 12:50:28 2015 -0400 Bug 14142 - Holds queue viewer only displays first subtitle from marc keyword mappings Despite the point of the Keyword to MARC Mappings being to simplify the handling and display of repeated values from multiple subfields, the holds queue viewer will only display the first value found. What it should be doing instead is displaying all fields that match the subtitle keyword. Test Plan: 1) Apply this patch 2) Define multiple Keyword to MARC mappings for the subtitle keyword 3) Place a hold on a record using those subtitle fields 4) View the hold in the holds queue viewer 5) Note that all the subtitles now appear Signed-off-by:Heather Braum Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit d76c9f4850c9ba7605f2c405838f973c70a70b61) Signed-off-by: Chris Cormack commit fefb788ff96558f8262d5c5138031f10506f6838 Author: Dobrica Pavlinusic Date: Tue Mar 10 13:35:03 2015 +0100 Bug 13815 - plack loose CGI qw(-utf8) flag creating incorrect utf-8 encoding everywhere This is major problem for plack installations with utf-8 encoding. In this case, we are overriding CGI->new to setup utf-8 flag and get correctly decoded $cgi->params, and reset syspref cache using C4::Context->clear_syspref_cache Test scenario: 1. under plack try to search with utf-8 charactes 2. try to find patron with utf-8 characters Signed-off-by: Gaetan Boisson Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 3cd086b6b6be08d902a479f302ccf18e55de911b) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: C4/HoldsQueue.pm | 2 +- .../prog/en/includes/serials-toolbar.inc | 95 ++++++++++---------- .../prog/en/modules/circ/view_holdsqueue.tt | 2 +- .../prog/en/modules/members/memberentrygen.tt | 4 +- .../prog/en/modules/serials/serials-collection.tt | 2 +- misc/plack/koha.psgi | 12 +++ serials/serials-edit.pl | 1 + svc/checkouts | 2 +- 8 files changed, 67 insertions(+), 53 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Sun Jun 7 10:51:55 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Sun, 07 Jun 2015 08:51:55 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-42-gf1d5fff Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via f1d5fffea6688e72d17afd1251e60e2f95f466b8 (commit) via 1a346c35fe1f4c16f9b5c9d420f7e016b9f924b8 (commit) from 67b637e3dee5b1b7d5725970226ef1ee2acb80c6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f1d5fffea6688e72d17afd1251e60e2f95f466b8 Author: Marcel de Rooy Date: Tue May 26 14:52:07 2015 +0200 Bug 14276: Keep highlight on the active item in item editor The highlight only works on even items. This patch should resolve it. Test plan: Edit biblio with multiple items. Verify that the highlight is visible on the selected item you edit. And that there is no highlight for a new item. Signed-off-by: Jonathan Druart Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 83c6817a86de68fb08cb73aef3b8b46d12587116) Signed-off-by: Chris Cormack commit 1a346c35fe1f4c16f9b5c9d420f7e016b9f924b8 Author: Bernardo Gonzalez Kriegel Date: Mon Jun 1 15:34:00 2015 -0300 Bug 14173: Paging on 'recent comments' page in OPAC is not displaying correctly This patch corrects the display of current page on a multipage recent comments. To test: 1) Enable OpacShowRecentComments 2) Add multiple comments to multiple records I used a script to add multiple lines like "insert into reviews values ($i, 51, $i, 'Comment $i', 1, '2015-06-01 00:00:00')" to table reviews 3) On OPAC, go to 'Recent comments', verify the bug 4) Apply the patch 5) Reload and check correct display Can't found missing space near 'by' from description. Display is correct for me. Followed test plan, displays as expected. Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 7928cdfbd405de9d4a8fffc535d3dcbd9a95226c) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: .../intranet-tmpl/prog/en/modules/cataloguing/additem.tt | 11 ++--------- .../opac-tmpl/bootstrap/en/modules/opac-showreviews.tt | 2 +- 2 files changed, 3 insertions(+), 10 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Sun Jun 7 23:57:19 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Sun, 07 Jun 2015 21:57:19 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-112-g717fa84 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 717fa8440dad2f67043641db31a5b5ad2b361bb1 (commit) via af6bb0b4db384903d73af6de4e219ba530959ee3 (commit) via 7f4a7f2eb393d0578837a3a91f4b62b741baa3dc (commit) via 5132d5f991515b86a9282b214a9418b65b4c0881 (commit) via 7e440d700904fde37b54138da0e7a9c38ff2637a (commit) via 5f5903737eeb614d66b34e270120698c00de5a59 (commit) via c671784321b1ebcf9aca18c061ec30bed3e89a58 (commit) via 3ef7bfc6cf5b43784a9edc212a4bfc07b1d34b35 (commit) via 46419b797bfb53bfbff6f8f83c5e016859ac48fa (commit) from 5a02cf9b48685d3b71397f86a862b2d7535a68b6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 717fa8440dad2f67043641db31a5b5ad2b361bb1 Author: Galen Charlton Date: Thu Jun 4 16:11:44 2015 -0400 Bug 14334: t/db_dependent/Letters.t AutoCommit fix TEST PLAN ---------- 1) git reset --hard origin/master 2) prove t/db_dependent/Letters.t -- horrible failure about transaction 3) apply this patch 4) prove t/db_dependent/Letters.t -- no issues 5) koha qa test tools. Signed-off-by: Tomas Cohen Arazi commit af6bb0b4db384903d73af6de4e219ba530959ee3 Author: Mark Tompsett Date: Thu Jun 4 16:08:22 2015 -0400 Bug 14334: t/db_dependent/Budgets.t AutoCommit fix TEST PLAN ---------- 1) git reset --hard origin/master 2) prove t/db_dependent/Budgets.t -- horrible failure about transaction 3) apply this patch 4) prove t/db_dependent/Budgets.t -- no issues 5) koha qa test tools. Signed-off-by: Tomas Cohen Arazi commit 7f4a7f2eb393d0578837a3a91f4b62b741baa3dc Author: Mark Tompsett Date: Thu Jun 4 16:01:20 2015 -0400 Bug 14334: t/db_dependent/Bookseller.t AutoCommit fix TEST PLAN ---------- 1) git reset --hard origin/master 2) prove t/db_dependent/Bookseller.t -- horrible failure about transaction 3) apply this patch 4) prove t/db_dependent/Bookseller.t -- no issues 5) koha qa test tools. Signed-off-by: Tomas Cohen Arazi commit 5132d5f991515b86a9282b214a9418b65b4c0881 Author: Marcel de Rooy Date: Thu Jun 4 09:15:24 2015 +0200 Bug 14327: Fix js error "TypeError: events is null" in additem.js If you have no item plugins, the events variable in BindPluginEvents of additem.js will be null. So testing events.length will generate the described error. This patch adds a check to prevent that from happening again. Test plan: [1] Do not yet apply this patch ! [2] Temporarily remove framework plugins from your items (in ACQ or default framework). Probably you have to clear dateaccessioned.pl and barcode.pl. [3] Open js console in your browser. [4] Go to Acquisition. Open a basket and add an order from a new empty record. [5] You should see js error: "TypeError: events is null" (additem.js:176) [6] Apply this patch and reload the page (make sure that you refresh so that the new javascript code is read). [7] The TypeError should be gone. [8] Restore the framework plugins from step 2. Refresh the page again and verify that they still work as expected. Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 7e440d700904fde37b54138da0e7a9c38ff2637a Author: Kyle M Hall Date: Thu Jun 4 07:13:01 2015 -0400 Bug 14318: iDreamBooks doesn't work when Koha is using https If a Koha server is configured to run over SSL, all iDreamBooks content is blocked due to the fact that a secure page is requesting an insecure endpoint. This is due to the fact that the urls for iDreamBooks use http and not https. A simple fix would be to switch them to https since browsers have to qualms about loading a secure data endpoint from an insecure one. Test Plan: 1) Enable iDreamBooks 2) Set up your OPAC to use https 3) Verify iDreamBooks content continues to work Note: tested Chrome and IE, so that the IE change would be validated. Discovered isbn semi-colon issue that is beyond scope of this bug. Signed-off-by: Mark Tompsett Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 5f5903737eeb614d66b34e270120698c00de5a59 Author: Kyle M Hall Date: Fri Jun 5 09:58:50 2015 -0400 Bug 14342: Unit tests in t/db_dependent/Context.t failing due to Bug 13967 The introduction of system preference objects in bug 13967 has caused the current testing regimen to fail do to the mixing of DBI mocking and DBIx::Class. Test Plan: 1) Apply this patch 2) prove t/db_dependent/Context.t Signed-off-by: Tomas Cohen Arazi Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit c671784321b1ebcf9aca18c061ec30bed3e89a58 Author: Tomas Cohen Arazi Date: Fri Jun 5 10:56:56 2015 -0300 Bug 14339: C4::Context->preference should return undef if DB is not populated The current behaviour for C4::Context->preference when the DB is not still populated with tables is to return undef. This is used by C4::Auth to identify the need of running the installer. This behaviour got broken by bug 13967, which lets DB errors to escalate and thus Koha gets broken instead of prompting for install. This patch wraps Koha::Config::Sysprefs->find inside an eval and sets undef if needed. To test: - In current master, drop the DB - Load OPAC and Intranet => FAIL: notice an ugly software error. - Apply the patch - Load the OPAC => SUCCESS: Maintenance mode screen is shown - Load Intranet => SUCCESS: You are prompted the DB credentials to run the web installer. - Sign off :-D Tomas Signed-off-by: Mark Tompsett Signed-off-by: Kyle M Hall Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 3ef7bfc6cf5b43784a9edc212a4bfc07b1d34b35 Author: Tomas Cohen Arazi Date: Fri Jun 5 16:08:23 2015 -0300 Bug 14346: (folowup) Fix previously existing POD This patch makes koha-qa.pl happy by fixing POD issues prior to this bug. Signed-off-by: Mark Tompsett Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 46419b797bfb53bfbff6f8f83c5e016859ac48fa Author: Tomas Cohen Arazi Date: Fri Jun 5 14:52:36 2015 -0300 Bug 14346: t/Biblio.t fails because of new warning Running $ prove t/Biblio.t fails because of us now using DBIx to retrieve sysprefs. Then our mocked DBI is not "supported" by DBIx hence a warning that makes our test fail (there is one more warning now). The cool thing about this, is that it actually helped spot a situation where GetMarcBiblio is doing wrong things because is not checking its parameters are undefined, so we have the chance to fix it. This patch makes GetMarcBiblio return undef if no biblionumber is passed, and also raises a conveniently carped warning. This change is tested in t/Biblio.t with new tests. To test: - In current master, run $ prove t/Biblio.t => FAIL: a test detects a wrong warning count and fails. - Apply the patch and run $ prove t/Biblio.t => SUCCESS: Tests now pass, and there are 2 new ones. - Sign off :-D Regards Signed-off-by: Mark Tompsett Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Biblio.pm | 21 +++--- C4/Context.pm | 3 +- koha-tmpl/intranet-tmpl/prog/en/js/additem.js | 4 +- .../admin/preferences/enhanced_content.pref | 6 +- .../opac-tmpl/bootstrap/en/modules/opac-detail.tt | 6 +- .../opac-tmpl/bootstrap/en/modules/opac-results.tt | 4 +- t/Biblio.t | 15 +++-- t/db_dependent/Bookseller.t | 8 ++- t/db_dependent/Budgets.t | 7 +- t/db_dependent/Context.t | 70 +++++++++++--------- t/db_dependent/Letters.t | 8 ++- 11 files changed, 88 insertions(+), 64 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 8 05:01:38 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 08 Jun 2015 03:01:38 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-43-g9a2f765 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 9a2f7655b3dfd49da7207cec9fc1c7e9377ab20c (commit) from f1d5fffea6688e72d17afd1251e60e2f95f466b8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 9a2f7655b3dfd49da7207cec9fc1c7e9377ab20c Author: Marcel de Rooy Date: Thu Jun 4 09:15:24 2015 +0200 Bug 14327: Fix js error "TypeError: events is null" in additem.js If you have no item plugins, the events variable in BindPluginEvents of additem.js will be null. So testing events.length will generate the described error. This patch adds a check to prevent that from happening again. Test plan: [1] Do not yet apply this patch ! [2] Temporarily remove framework plugins from your items (in ACQ or default framework). Probably you have to clear dateaccessioned.pl and barcode.pl. [3] Open js console in your browser. [4] Go to Acquisition. Open a basket and add an order from a new empty record. [5] You should see js error: "TypeError: events is null" (additem.js:176) [6] Apply this patch and reload the page (make sure that you refresh so that the new javascript code is read). [7] The TypeError should be gone. [8] Restore the framework plugins from step 2. Refresh the page again and verify that they still work as expected. Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 5132d5f991515b86a9282b214a9418b65b4c0881) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: koha-tmpl/intranet-tmpl/prog/en/js/additem.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 8 16:06:45 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 08 Jun 2015 14:06:45 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-119-ga215c79 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via a215c79cc9ce512eb2994ebfe4bdd07c79fef871 (commit) via a6017d87f16266e8947b046427537bdcae5a0699 (commit) via 9ce2cd7082a2577278c3a7078f9e277cfa683ae9 (commit) via d763d7cf3c28149b5d7f82de8a98789ee97814d6 (commit) via 0114465ced0d87aed51e8632e0ec1c005ae4fce3 (commit) via 34fe5c24167f6bc27cff519d4a26c347d06341b3 (commit) via 4fd923e12eea70b7e871f0068471ff5ef91dda01 (commit) from 717fa8440dad2f67043641db31a5b5ad2b361bb1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a215c79cc9ce512eb2994ebfe4bdd07c79fef871 Author: Tomas Cohen Arazi Date: Mon Jun 8 10:48:23 2015 -0300 Bug 14053: DBRev 3.21.00.007 Signed-off-by: Tomas Cohen Arazi commit a6017d87f16266e8947b046427537bdcae5a0699 Author: Fridolin Somers Date: Thu Apr 23 17:38:03 2015 +0200 Bug 14053: Acquisition db tables are missing indexes Acquisition db tables are missing some indexes to have performance queries. This patch adds an index on some columns very often used in search queries, such as aqbooksellers.name and aqbudgets.budget_code. Also adds an index on aqorders.orderstatus, very often used with hardcoded value like 'cancelled', in various queries. Test plan : 1) Back up database 2) $ git reset --hard origin/master 3) $ git bz apply 14053 4) In your mysql client > DROP DATABASE koha_library; > CREATE DATABASE koha_library; > QUIT; -- Obviously you may need to vary koha_library :) 5) Navigate to staff client -- should be able to set up the DB just fine. -- this will catch the comma bug that keeps coming in. 6) $ git reset --hard origin/master 7) Repeat step 4 8) Navigate to staff client -- nothing tested, but we need the DB set up. 9) $ ./installer/data/mysql/updatedatabase.pl -- atomic updates run without issue. 10) run koha qa test tools 11) Restore DB 12) Try to compare performance after and before database update. I think query contained in C4::Acquistion::GetInvoices could be a good example Signed-off-by: Mark Tompsett Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 9ce2cd7082a2577278c3a7078f9e277cfa683ae9 Author: Fridolin Somers Date: Mon Apr 27 17:01:37 2015 +0200 Bug 14053: Acquisition db tables are missing indexes - atomicupdates Signed-off-by: Mark Tompsett Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit d763d7cf3c28149b5d7f82de8a98789ee97814d6 Author: Marc V?ron Date: Tue Jun 2 11:39:17 2015 +0200 Bug 14314: System Preferences: Better explanation for syspref 'ShowReviewerPhoto' [PASSED QA] If syspref ShowReviewerPhoto is enabled, the reviewer's avatar is displayed beside comments in OPAC. The avatar will be searched on www.libravatar.org using the patron's email address. This patch changes the text for 'ShowReviewerPhoto'. To test: Apply patch Go to Home > Administration > System preferences Search for ShowReviewerPhoto Verify that the new explanation makes sense. Signed-off-by: Bernardo Gonzalez Kriegel Better explanation, no errors. Signed-off-by: Katrin Fischer Changed mail to e-mail. Signed-off-by: Tomas Cohen Arazi commit 0114465ced0d87aed51e8632e0ec1c005ae4fce3 Author: Marcel de Rooy Date: Thu Jun 4 12:47:13 2015 +0200 Bug 14330: Remove unused email_sender from sendbasket/sendshelf The sendbasket/sendshelf scripts and templates do not use email_sender as a cgi parameter or as a template var. Probably a leftover from previous changes. Let's make Koha cleaner :) Test plan: [1] Send your cart from opac or staff. [2] Send a shelf from opac or staff. [3] Git grep email_sender. No results. Followed test plan. Works as expected. Signed-off-by: Marc V?ron Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 34fe5c24167f6bc27cff519d4a26c347d06341b3 Author: Jonathan Druart Date: Fri Apr 24 17:03:09 2015 +0200 Bug 11790: Remove dependency C4::Context from C4::Charset C4::Context is only used to retrieve a syspref value. This patch moves the use of C4::Context to a require. Test plan: Try to reach the SetMarcUnicodeFlag subroutine (batchmod, add/update a biblio, etc.) Signed-off-by: Bernardo Gonzalez Kriegel Tested on French UNIMARC install No errors adding/editing biblios No koha-qa errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 4fd923e12eea70b7e871f0068471ff5ef91dda01 Author: Marcel de Rooy Date: Thu Jun 4 12:03:42 2015 +0200 Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText The synopsis of this TT plugin contains two example lines: [% myhtml FILTER html2text(leftmargin => 0, rightmargin => 0) %] [% myhtmltext | html2text %] These lines have been copied (without too much thought :) to a few templates. Since we do no use the variables myhtml or myhtmltext in these templates, these lines are useless. Test plan: [1] Put some items in your cart. And send it. [2] Send a shelf. [3] Git grep on myhtml. Should not have results. NOTE: Sent carts and lists in Intranet and OPAC successfully. Though, this does bring into question why the letters have HTML formatting if it is getting removed. That, however, is beyond the scope of this bug. Signed-off-by: Mark Tompsett Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Charset.pm | 2 +- Koha.pm | 2 +- basket/sendbasket.pl | 2 -- installer/data/mysql/kohastructure.sql | 12 +++++++- installer/data/mysql/updatedatabase.pl | 31 ++++++++++++++++++++ .../prog/en/modules/admin/preferences/opac.pref | 2 +- .../prog/en/modules/basket/sendbasket.tt | 2 -- .../prog/en/modules/virtualshelves/sendshelf.tt | 2 -- .../bootstrap/en/modules/opac-sendbasket.tt | 2 -- .../bootstrap/en/modules/opac-sendshelf.tt | 2 -- opac/opac-sendbasket.pl | 2 -- opac/opac-sendshelf.pl | 1 - virtualshelves/sendshelf.pl | 1 - 13 files changed, 45 insertions(+), 18 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 8 21:24:27 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 08 Jun 2015 19:24:27 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-121-g0002126 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 0002126a2ab0ac38a8d3f144f446dc3ba69dab59 (commit) via d82aeb352f35ec37fdd62fed7e9a713168a21c28 (commit) from a215c79cc9ce512eb2994ebfe4bdd07c79fef871 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0002126a2ab0ac38a8d3f144f446dc3ba69dab59 Author: Jonathan Druart Date: Thu Apr 16 16:39:09 2015 +0200 Bug 10355: paramater 'object' lost on the road Test plan: 1) Go to any detail page in staff 2) Click on the modification log tab 3) Verify, that the object is prefilled with the records biblionumber and you can also see it as parameter in the url 4) Click a second time on modification log to reset your search Before this patch, the object parameter was empty. It now contains the value of the biblionumber. Signed-off-by: Bernardo Gonzalez Kriegel Work as described, no koha-qa errors http://bugs.koha-community.org/show_bug.cgi?id=10335 Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit d82aeb352f35ec37fdd62fed7e9a713168a21c28 Author: Tomas Cohen Arazi Date: Fri Jun 5 12:01:28 2015 -0300 Bug 14344: uninitialized value warning C4/Utils/DataTables/Members.pm The condition for the assignment depends on $searchtype to be defined and equal to 'contains'. So this change doesn't change the semantics. - if $term !~ /^%/ - and $searchtype eq "contain"; + if (defined $searchtype) && $searchtype eq "contain" + && $term !~ /^%/; To test: - Home -> Circulation -> Checkout - Search for a user that does not exist (I searched 'whywouldthisexist') on the intranet interface. - Look at the intranet logs => FAIL: you get "Use of uninitialized value $searchtype in string eq at.,," - Apply the patch - Repeat the search => SUCCESS: No warning - Sign off :-D NOTE: Other pages are more forgiving. Tweaked test plan. Signed-off-by: Mark Tompsett Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Utils/DataTables/Members.pm | 4 ++-- koha-tmpl/intranet-tmpl/prog/en/includes/biblio-view-menu.inc | 2 +- tools/viewlog.pl | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 8 22:25:45 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 08 Jun 2015 20:25:45 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-45-g6406398 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 64063984955bd002168166d162577ee2ace203c3 (commit) via 605b99470c9a29cf6f4c2d37513d29d5c4303d48 (commit) from 9a2f7655b3dfd49da7207cec9fc1c7e9377ab20c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 64063984955bd002168166d162577ee2ace203c3 Author: Jonathan Druart Date: Fri Apr 24 17:03:09 2015 +0200 Bug 11790: Remove dependency C4::Context from C4::Charset C4::Context is only used to retrieve a syspref value. This patch moves the use of C4::Context to a require. Test plan: Try to reach the SetMarcUnicodeFlag subroutine (batchmod, add/update a biblio, etc.) Signed-off-by: Bernardo Gonzalez Kriegel Tested on French UNIMARC install No errors adding/editing biblios No koha-qa errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 34fe5c24167f6bc27cff519d4a26c347d06341b3) Signed-off-by: Chris Cormack commit 605b99470c9a29cf6f4c2d37513d29d5c4303d48 Author: Marcel de Rooy Date: Thu Jun 4 12:03:42 2015 +0200 Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText The synopsis of this TT plugin contains two example lines: [% myhtml FILTER html2text(leftmargin => 0, rightmargin => 0) %] [% myhtmltext | html2text %] These lines have been copied (without too much thought :) to a few templates. Since we do no use the variables myhtml or myhtmltext in these templates, these lines are useless. Test plan: [1] Put some items in your cart. And send it. [2] Send a shelf. [3] Git grep on myhtml. Should not have results. NOTE: Sent carts and lists in Intranet and OPAC successfully. Though, this does bring into question why the letters have HTML formatting if it is getting removed. That, however, is beyond the scope of this bug. Signed-off-by: Mark Tompsett Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 4fd923e12eea70b7e871f0068471ff5ef91dda01) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: C4/Charset.pm | 2 +- koha-tmpl/intranet-tmpl/prog/en/modules/basket/sendbasket.tt | 2 -- koha-tmpl/intranet-tmpl/prog/en/modules/virtualshelves/sendshelf.tt | 2 -- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendbasket.tt | 2 -- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-sendshelf.tt | 2 -- 5 files changed, 1 insertion(+), 9 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 8 22:38:38 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 08 Jun 2015 20:38:38 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-46-g431310e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 431310eb0bdfa5b67345cb41886afaac7abc07f2 (commit) from 64063984955bd002168166d162577ee2ace203c3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 431310eb0bdfa5b67345cb41886afaac7abc07f2 Author: Marcel de Rooy Date: Thu Jun 4 12:47:13 2015 +0200 Bug 14330: Remove unused email_sender from sendbasket/sendshelf The sendbasket/sendshelf scripts and templates do not use email_sender as a cgi parameter or as a template var. Probably a leftover from previous changes. Let's make Koha cleaner :) Test plan: [1] Send your cart from opac or staff. [2] Send a shelf from opac or staff. [3] Git grep email_sender. No results. Followed test plan. Works as expected. Signed-off-by: Marc V?ron Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 0114465ced0d87aed51e8632e0ec1c005ae4fce3) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: basket/sendbasket.pl | 2 -- opac/opac-sendbasket.pl | 2 -- opac/opac-sendshelf.pl | 1 - virtualshelves/sendshelf.pl | 1 - 4 files changed, 6 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 9 01:04:28 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 08 Jun 2015 23:04:28 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-47-g494d824 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 494d824d4f0b17f423b6c585b3fb7942b830625c (commit) from 431310eb0bdfa5b67345cb41886afaac7abc07f2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 494d824d4f0b17f423b6c585b3fb7942b830625c Author: Marc V?ron Date: Tue Jun 2 11:39:17 2015 +0200 Bug 14314: System Preferences: Better explanation for syspref 'ShowReviewerPhoto' [PASSED QA] If syspref ShowReviewerPhoto is enabled, the reviewer's avatar is displayed beside comments in OPAC. The avatar will be searched on www.libravatar.org using the patron's email address. This patch changes the text for 'ShowReviewerPhoto'. To test: Apply patch Go to Home > Administration > System preferences Search for ShowReviewerPhoto Verify that the new explanation makes sense. Signed-off-by: Bernardo Gonzalez Kriegel Better explanation, no errors. Signed-off-by: Katrin Fischer Changed mail to e-mail. Signed-off-by: Tomas Cohen Arazi (cherry picked from commit d763d7cf3c28149b5d7f82de8a98789ee97814d6) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/opac.pref | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 9 01:11:19 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 08 Jun 2015 23:11:19 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-49-ga47a89f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via a47a89fa472e434f0dafccd991fa7991d5efe830 (commit) via c0c16392b18542c733210ff5855e74492b057af1 (commit) from 494d824d4f0b17f423b6c585b3fb7942b830625c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a47a89fa472e434f0dafccd991fa7991d5efe830 Author: Jonathan Druart Date: Thu Apr 16 16:39:09 2015 +0200 Bug 10355: paramater 'object' lost on the road Test plan: 1) Go to any detail page in staff 2) Click on the modification log tab 3) Verify, that the object is prefilled with the records biblionumber and you can also see it as parameter in the url 4) Click a second time on modification log to reset your search Before this patch, the object parameter was empty. It now contains the value of the biblionumber. Signed-off-by: Bernardo Gonzalez Kriegel Work as described, no koha-qa errors http://bugs.koha-community.org/show_bug.cgi?id=10335 Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 0002126a2ab0ac38a8d3f144f446dc3ba69dab59) Signed-off-by: Chris Cormack commit c0c16392b18542c733210ff5855e74492b057af1 Author: Tomas Cohen Arazi Date: Fri Jun 5 12:01:28 2015 -0300 Bug 14344: uninitialized value warning C4/Utils/DataTables/Members.pm The condition for the assignment depends on $searchtype to be defined and equal to 'contains'. So this change doesn't change the semantics. - if $term !~ /^%/ - and $searchtype eq "contain"; + if (defined $searchtype) && $searchtype eq "contain" + && $term !~ /^%/; To test: - Home -> Circulation -> Checkout - Search for a user that does not exist (I searched 'whywouldthisexist') on the intranet interface. - Look at the intranet logs => FAIL: you get "Use of uninitialized value $searchtype in string eq at.,," - Apply the patch - Repeat the search => SUCCESS: No warning - Sign off :-D NOTE: Other pages are more forgiving. Tweaked test plan. Signed-off-by: Mark Tompsett Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit d82aeb352f35ec37fdd62fed7e9a713168a21c28) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: C4/Utils/DataTables/Members.pm | 4 ++-- koha-tmpl/intranet-tmpl/prog/en/includes/biblio-view-menu.inc | 2 +- tools/viewlog.pl | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 10 21:01:59 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Wed, 10 Jun 2015 19:01:59 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-128-g39a598c Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 39a598c987f875c4f4033844f7b8c7e7ba588132 (commit) via 964fae60eebd4141ce49c3cff46881d3b2896e49 (commit) via 51197e9f1824890b6db66f0c9f90034482932a03 (commit) via efe52666259d533d2c0a375cb7c764dbff3a58d3 (commit) via db4dcb2c72398cd894e582ddd77bb330e242a09e (commit) via c5bc51d7d1b6c98e9d897022f91d8e0806cf4524 (commit) via 395304d3b58d79bb1306c4e6f799548e2d875356 (commit) from 0002126a2ab0ac38a8d3f144f446dc3ba69dab59 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 39a598c987f875c4f4033844f7b8c7e7ba588132 Author: Marcel de Rooy Date: Thu May 14 15:09:40 2015 +0200 Bug 13437: Replace javascript function parameter in builder The builder contains js functions with a parameter like subfield_managed or i or something similar. This parameter contains the html id of the field corresponding with the plugin. With the functionality of Koha::FrameworkPlugin in place, we can eliminate one js function call and get the same id via the event passed in. Note that this actually makes the function a 'real' event handler. Also note that in many cases this parameter was not used but the id was borrowed from a perl variable like $params->{id}. If the field is not cloned, this is not a problem. But some fields can be cloned and should not use the static perl value but should get it from the event. Test plan: Look for js errors when loading the marc editor. Since the Focus or Click event code has been touched for most marc21 plugins, move your cursor into the field or click on the tag editor button. Verify that the focus event updates the correct field or the click event correctly launches the plugin AND the value comes back into the right field. Bonus: Attach a plugin with popup (like leader) to 040$d. Clone this field. Verify that the two launch buttons operate on the correct value. (This resolves a current bug.) Signed-off-by: Marcel de Rooy Checked all 15 plugins. Plugin marc21_linking_section seems to work, but I could not get it to pass back something useful into my field. (Same without this patch.) Tested the clone button with leader on 040d. Signed-off-by: Bernardo Gonzalez Kriegel All seems to work, no errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 964fae60eebd4141ce49c3cff46881d3b2896e49 Author: Marcel de Rooy Date: Thu May 14 10:20:15 2015 +0200 Bug 13437: Conversion of marc21 cataloguing plugins to new style This patch converts marc21 plugins to new style by making the following modifications: [1] Replace use strict with use Modern::Perl. This implies that we now re-enabled warnings. There are no redefine warnings anymore, but note that we need to silence some warnings from individual plugins that were covered by disabling the warnings pragma until now. Silencing these individual warnings is outside the scope of this report. [2] Sub plugin_javascript is replaced by an anonymous subroutine $builder. [3] The parameters of $builder are combined in a params hashref. In most cases we only need $params->{id} for the function name. [4] Javascript function Clicxxx is renamed to Clickxxx. [5] The builder does no longer return function_name. [6] Sub plugin is replaced by subroutine $launcher. [7] The parameters of $launcher are combined in a params hashref. We only use $params->{cgi}. Mostly we save that to $input. One exception: $query. [8] The plugins returns a hash with $builder and/or $launcher. Test plan: [1] Run t/db_dependent/FrameworkPlugin.t -incl cataloguing/value_builder/ marc21*.pl. This should catch compile errors and general problems when building or launching these plugins. NOTE: You will see several initialize warnings from individual plugins that were hidden until now by disabling warnings. This is fine; we will be able to address these warnings now on new reports. [2] Check behavior of several plugins in the marc editor. Signed-off-by: Marcel de Rooy Checked all marc21 plugins. Attached unused plugins to some field. Some plugins (unused by default) may need some further attention, but also outside the scope of this report. Signed-off-by: Bernardo Gonzalez Kriegel New warnigs, but all seems to work. No errors. Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 51197e9f1824890b6db66f0c9f90034482932a03 Author: Marcel de Rooy Date: Wed May 13 13:47:38 2015 +0200 Bug 13437: Trivial edits on marc21 plugins before conversion marc21_field_003.pl: copy-pasta comment about date removed marc21_field_005.pl: commented use removed marc21_field_006.pl: old/irrelevant pod lines marc21_field_007.pl: old/irrelevant pod lines marc21_field_008.pl: old/irrelevant pod lines, move sub par line twice marc21_field_008_authorities.pl: whitespace, old/irrelevant pod lines marc21_field_040c.pl: two commented lines removed marc21_field_040d.pl: whitespace, commented lines, old/irrelevant pod marc21_field_245h.pl: whitespace marc21_linking_section.pl: relocated some comment lines, and replaced a new CGI object by the one passed in via the plugin launcher (agreed, this may not be so trivial as the other changes) Test plan: These (trivial) changes are hard to test. Pick a few plugins and verify that behavior is not changed in the marc editor. For the brave: Try marc21_linking_section.pl. Signed-off-by: Bernardo Gonzalez Kriegel Tried marc21_linking_section.pl :) (ling plugin to 773$9, create new record, search for parent and check values inserted) No errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit efe52666259d533d2c0a375cb7c764dbff3a58d3 Author: Marcel de Rooy Date: Tue May 12 17:49:04 2015 +0200 Bug 13437: Preliminary changes for marc21 plugins field 008 Preliminary work on marc21_field_008.pl and 008_authorities.pl. Moving $dateentered en $defaultval to lower scope level. date_entered is a new sub (in a module); sub Field008 has been reduced to one line. Added a trivial unit test for date_entered. Note: the format used in date_entered could be added in DateUtils, moving this logic to a better place. Test plan: Use both plugins in the marc21 editor (biblios/authorities). Run the adjusted unit test. Signed-off-by: Bernardo Gonzalez Kriegel Both plugins works, no errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit db4dcb2c72398cd894e582ddd77bb330e242a09e Author: Marcel de Rooy Date: Tue May 12 17:31:29 2015 +0200 Bug 13437: Perltidy some plugin files before conversion Preliminary work before converting to new plugin style. Several files still contained tabs or had strange indentation. Perltidied: marc21_linking_section.pl Perltidied: marc21_field_007.pl Perltidied: marc21_leader_authorities.pl Perltidied: marc21_leader.pl Perltidied: marc21_leader_book.pl Perltidied: marc21_leader_computerfile.pl Perltidied: marc21_leader_video.pl Test plan: Run perltidy -pro=xt/perltidyrc on marc21_linking_section and compare. Try another one too :) Signed-off-by: Bernardo Gonzalez Kriegel Minor differences on comparison :) No errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit c5bc51d7d1b6c98e9d897022f91d8e0806cf4524 Author: Jonathan Druart Date: Thu Jun 4 11:35:15 2015 +0200 Bug 14256: (follow-up) Check for unique constraint to regenerate random data There were some issues in the previous patch. This patch fixes the following: - rename $value with $original_value - remove $at_least_one_constraint_failed and $values_ok which make the code unnecessarily complicated - the constraints have to be checked only if no original value is passed - _buildColumnValue created a key to the default value hashref, it broke the test: last BUILD_VALUE if exists( $default_value->{$source} ); Signed-off-by: Tomas Cohen Arazi Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 395304d3b58d79bb1306c4e6f799548e2d875356 Author: Tomas Cohen Arazi Date: Wed Jun 3 15:54:57 2015 -0300 Bug 14256: Check for unique constraint to regenerate random data Unique constraints should be checked when creating random data. Otherwise we get failures when the generated data already exists on the DB. This patch takes advantage of ->unique_constraints() to do the job, looping through all the unique constraints defined for the source. Signed-off-by: Tomas Cohen Arazi Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: Koha/Util/FrameworkPlugin.pm | 16 +- cataloguing/value_builder/marc21_field_003.pl | 22 +- cataloguing/value_builder/marc21_field_005.pl | 22 +- cataloguing/value_builder/marc21_field_006.pl | 36 +- cataloguing/value_builder/marc21_field_007.pl | 222 ++++---- cataloguing/value_builder/marc21_field_008.pl | 51 +- .../value_builder/marc21_field_008_authorities.pl | 65 +-- cataloguing/value_builder/marc21_field_040c.pl | 23 +- cataloguing/value_builder/marc21_field_040d.pl | 28 +- cataloguing/value_builder/marc21_field_245h.pl | 22 +- cataloguing/value_builder/marc21_leader.pl | 102 ++-- .../value_builder/marc21_leader_authorities.pl | 98 ++-- cataloguing/value_builder/marc21_leader_book.pl | 96 ++-- .../value_builder/marc21_leader_computerfile.pl | 96 ++-- cataloguing/value_builder/marc21_leader_video.pl | 96 ++-- .../value_builder/marc21_linking_section.pl | 556 ++++++++++---------- t/Koha_Util_FrameworkPlugin.t | 7 +- t/lib/TestBuilder.pm | 62 ++- 18 files changed, 837 insertions(+), 783 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 11 15:15:01 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 11 Jun 2015 13:15:01 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-138-g27ef141 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 27ef1410a7784577149bed6a466937c7ded6ba70 (commit) via c07f83f643e6b8820d90487a23e91e9b062a5cd6 (commit) via 8895caa33985bbb0cad9b011c4706d4591d2869b (commit) via c34569480884a543d19f3e87d13153cc771fa135 (commit) via 9d793b2f7e229251887e96c13c1ad6cb9410de38 (commit) via 721a77e6696c26efedd1955569a00e1dff2aa6b8 (commit) via 41b9687d975a3c2a54cc28229d4ba76edf175de9 (commit) via 9bef8f8738492564af7da78cba841366c70ada3c (commit) via 9e920f7479df6d36db3e3450d6e6c2524fa9fe56 (commit) via d75a751d49ad65b007572e02320735d2b02c9e1f (commit) from 39a598c987f875c4f4033844f7b8c7e7ba588132 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 27ef1410a7784577149bed6a466937c7ded6ba70 Author: Jonathan Druart Date: Tue Apr 28 11:26:44 2015 +0200 Bug 11941: Add link to patron lists from the patron home page The patron lists are only accessible from the tools module, which is not easily accessible when you are in the patron module. Test plan: Go on the patron home page. In the toolbar, you should see a link to the patron lists. NOTE: Tweaked button to a to get the click to work. Signed-off-by: Mark Tompsett Signed-off-by: Liz Rea Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi commit c07f83f643e6b8820d90487a23e91e9b062a5cd6 Author: Indranil Das Gupta Date: Mon May 25 05:25:04 2015 +0530 Bug 14206: Adds test for getletter() call from overdue_notices.pl Adds missing test for getletter() when called from overdue_notices.pl Test plan ========= 1/ apply this patch 2/ run prove -v t/db_dependent/Letters.t all tests should pass, especially test #40 which tests call from overdue_notices.pl Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 8895caa33985bbb0cad9b011c4706d4591d2869b Author: Indranil Das Gupta Date: Fri May 22 03:49:10 2015 +0530 Bug 14206: Adds delete function for non email templates C4::Letters::getletter() is called in tools/letter.pl by the function delete_confirm() to display the selected notice for deletion. Due to current implementation of getletter(), a notice that does not use the 'email' template (but uses any/all of the other templates - sms, print or phone) can't be deleted from the staff client. This patch adds deletion capability for notices that do not use email template, but uses any/all of the other templates i.e. sms, print or phone. This also adds 2 tests to t/db_dependent/Letters.t for testing both conditions - a) when message_transport_type is specified b) when it is not. Test plan ========= 1/ Go to Tools -> Notices & Slips. Add a new notice only for print, leave 'Library' and 'Koha module' options as default selections. Enter 'KOHA_14206' and 'Koha Test 14206' against Code and Name respectively, and 'Test' and 'Test Message' for subject and body. Leave the Email, Phone and SMS tabs blank. Save the notice. 2/ On the notices listing page the new notice will be listed. Try to delete it. It will load the 'Delete notice' dialog form, but the table will not show any data under s - 'Library', 'Module', 'Code' or 'Name'. 3/ Click the "Yes, delete" button. The page will be submitted and the Notices listing reloaded. The print-only KOHA_14206 notice should continue to exist. This is *wrong*. 4/ Apply this patch 5/ Reload the listings page and click on the 'Delete' link for Notice KOHA_14206. This time, it should show the data under 'Module', 'Code' or 'Name' at least. 6/ Click on 'Yes, delete'. The page should submit and the listing page reload. This time KOHA_14206 will be gone. 7/ Run prove -v t/db_dependent/Letters.t All tests should PASS without any error. Followed test plan. Works as expected. Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit c34569480884a543d19f3e87d13153cc771fa135 Author: Jonathan Druart Date: Wed Apr 8 15:24:50 2015 +0200 Bug 13970: Remove category_type related code Working on bug 13497 and bug 9314, I run into some Koha vestiges. The category_type parameter should not be passed to memberentry. On creating a new patron, the categorycode should be passed, and on editing, it's useless. We can work with the borrowernumber and retrieve these values. Details of the changes: - members-toolbar.inc: Remove the category_type parameter passed to memberentry.pl - memberentrygen.tt: Just remove the useless category_type parameter on editing a patron. Also remove the unused one passed to guarantor_search.pl. - tables/members_results.tt: the borrowernumber is enough to edit a patron. - memberentry.pl: check_categorytype is never used in the template, all the process to calculate/retrieve it is unnecessary. - members/nl-search.tt: The borrowernumber is enough to edit a patron. Test plan: Try to create and edit patrons and verify that - the guarantor search still work - the form (memberentry) behave as before Edit a patron from the nl-search.pl script (Magnus?) Signed-off-by: Bernardo Gonzalez Kriegel On top of 9314 (13497 already pushed) No evident regressions found, add/edit patron works, search/set guarantor works. Cant test nl-patron.pl save for exec it. prove -v t/NorwegianPatronDB.t runs No koha-qa errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 9d793b2f7e229251887e96c13c1ad6cb9410de38 Author: Jonathan Druart Date: Wed Apr 8 13:29:28 2015 +0200 Bug 9314: Remove useless code related to the type_only parameter Since the pref AddPatronLists has been removed in bug 13497, the code related to type_only and category_type in memberentry.pl is useless. Test plan: Confirm you don't the information message. You can also confirm that the message was wrong and nothing was saved. Signed-off-by: Bernardo Gonzalez Kriegel Dead code removed, no errors Think that bug description can be updated to commit message Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 721a77e6696c26efedd1955569a00e1dff2aa6b8 Author: Kyle M Hall Date: Fri Jun 5 08:06:29 2015 -0400 Bug 14338: Unable to delete patron images The call to RmPatronImage is still passing cardnumber as its parameter instead of borrowernumber. Test Plan: 1) Upload a patron image 2) Ensure the card number is not the same as the borrower number 3) Attempt to delete patron image -- Image will remain 4) Apply this patch 5) Attempt to delete patron image -- Image will be removed 6) run koha qa test tools Signed-off-by: Mark Tompsett Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 41b9687d975a3c2a54cc28229d4ba76edf175de9 Author: Jonathan Druart Date: Fri May 22 13:11:19 2015 +0200 Bug 13265: Use sessionStorage to store searches instead of cookies This is a counter patch. The idea is to provide a permanent solution for the cookie length issue we occurred on storing the searches (intranet side). Test plan: Launch as many searches as you can (don't forget to sleep). You should not get any error. Confirm there is no regression using the results browser. Tested with 6 parralel searches in different tabs (with alternatively browising up and down). No problems found. Signed-off-by: Marc V?ron Signed-off-by: Katrin Fischer Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 9bef8f8738492564af7da78cba841366c70ada3c Author: Aleisha Date: Tue Jun 9 02:02:55 2015 +0000 Bug 14360: Unescaped variable causes alert pop-up To test: 1) Create a list in the OPAC, name it: 2) Delete the list 3) Confirm deletion 4) See the alert say 'Hello' 5) Apply patch 6) Recreate list with same name 7) Delete list 8) Confirm deletion and alert no longer pops up Signed-off-by: Katrin Fischer Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 9e920f7479df6d36db3e3450d6e6c2524fa9fe56 Author: Aleisha Date: Mon Jun 8 02:30:23 2015 +0000 Bug 14360: Unescaped variable causes alert Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert. To test: 1) Go to URL such as ... /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 2) Notice pop-up box with alert 3) Apply patch, refresh page 4) Notice alert is gone Signed-off-by: Katrin Fischer Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit d75a751d49ad65b007572e02320735d2b02c9e1f Author: Mark Tompsett Date: Wed Apr 15 01:02:08 2015 -0400 Bug 10625: Inventory/Stocktaking tool cannot handle windows file uploads The current code uses $barcode = ; logic. This reads until \n, as far as I can tell. EOL is indicated by \n, \r, and \r\n depending on OS and software. So, to this end, rather than File::Slurp (which is a potential memory hog, which is already an issue with no filters), a loop to pre-read the barcodes was written. This loop includes: $barcode =~ s/\r/\n/g; $barcode =~ s/\n\n/\n/g; my @data = split(/\n/, $barcode); push @uploadedbarcodes, at data; So, that means that lines ending in \n would have it stripped and pushed into the uploaded barcodes array. Lines ending in \r would likely be read as one giant block, have everything converted to single \n's and then using a split, the set of barcodes are pushed into the uploaded barcodes array. Lines ending in \r\n would get that stripped and pushed into the uploaded barcodes array. It is then the uploaded barcodes array that is looped over for validating the barcodes. TEST PLAN --------- 1) Back up your database 2) Download the three sample files (or create your own) 3) Log in to staff client 4) Create a branch with no inventory. 5) Home -> Tools -> Inventory/Stocktaking 6) Browse for your '\r' test file. 7) Limit to just that branch 8) Click 'Submit' -- Confirm expected errors 9) Repeat steps 5-8 with the '\n' test file. 10) Repeat steps 5-8 with the '\r\n' test file. -- one of these repetitions should have problems. 11) Apply patch 12) Repeat steps 5-8 for each of the 3 test files. -- there should be no issues. 13) run koha qa test tools. Note: This is a tweak based on Jonathan Druart's comment #16 I have reset it to needs sign off again. Followed test plan. Works as expected. qa OK. Signed-off-by: Marc V?ron Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Letters.pm | 7 +- koha-tmpl/intranet-tmpl/js/browser.js | 80 ++++++++++---------- .../prog/en/includes/members-toolbar.inc | 22 ++---- .../prog/en/includes/patron-toolbar.inc | 3 + .../prog/en/modules/members/memberentrygen.tt | 13 ++-- .../prog/en/modules/members/moremember.tt | 2 +- .../prog/en/modules/members/nl-search.tt | 8 +- .../en/modules/members/tables/members_results.tt | 2 +- .../en/modules/opac-authoritiessearchresultlist.tt | 6 +- .../opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 4 +- members/memberentry.pl | 15 +--- t/db_dependent/Letters.t | 17 ++++- tools/inventory.pl | 10 ++- tools/picture-upload.pl | 4 +- 14 files changed, 97 insertions(+), 96 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 11 16:19:21 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 11 Jun 2015 14:19:21 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-145-g4d417b9 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 4d417b9a2ea278ad203beb6e90f7da4d79f487df (commit) via 1f3e11c5bd64f46511d2632b7e9d5862f75b2e25 (commit) via 99df63b4b032e526c3a57da316e08d896b68ce00 (commit) via ca17301881792940bba6a3de99693a0384d47f29 (commit) via 074f8637e8bccabe2edeb3bd8e1584cede914387 (commit) via 04052875380bd113c146279b675f57fa60d1088d (commit) via 57608fdecb2503088a8d02717fd992e84c849d28 (commit) from 27ef1410a7784577149bed6a466937c7ded6ba70 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4d417b9a2ea278ad203beb6e90f7da4d79f487df Author: Tomas Cohen Arazi Date: Thu Jun 11 10:29:06 2015 -0300 Bug 7981: DBRev 3.21.00.008 Signed-off-by: Tomas Cohen Arazi commit 1f3e11c5bd64f46511d2632b7e9d5862f75b2e25 Author: Jonathan Druart Date: Tue May 26 11:55:56 2015 +0200 Bug 7981: Reintroduce dropboxdate The parameter was lost in previous commit. Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 99df63b4b032e526c3a57da316e08d896b68ce00 Author: Kyle M Hall Date: Mon Apr 20 06:39:33 2015 -0400 Bug 7981: (QA followup) Rename TT vars Signed-off-by: Kyle M Hall Signed-off-by: Mirko Tietgen Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit ca17301881792940bba6a3de99693a0384d47f29 Author: Katrin Fischer Date: Tue Apr 21 11:56:16 2015 +0200 Bug 7981: Follow-up - Fix qa script complaints - Fix updatedatabase, moving the update entry into the right spot - Fix some tabs Signed-off-by: Kyle M Hall Signed-off-by: Mirko Tietgen Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 074f8637e8bccabe2edeb3bd8e1584cede914387 Author: Jonathan Druart Date: Mon Apr 13 13:21:49 2015 +0200 Bug 7981: Use The Branches TT plugin instead of GetBranchName Note that homebranchname is never used in the template. Signed-off-by: Jonathan Druart Signed-off-by: Kyle M Hall Signed-off-by: Mirko Tietgen Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 04052875380bd113c146279b675f57fa60d1088d Author: Jonathan Druart Date: Mon Apr 13 13:21:41 2015 +0200 Bug 7981: Remove HomeOrHoldingBranchReturn syspref from C4::UsageStats Signed-off-by: Jonathan Druart Signed-off-by: Kyle M Hall Signed-off-by: Mirko Tietgen Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 57608fdecb2503088a8d02717fd992e84c849d28 Author: Benjamin Rokseth Date: Thu Mar 5 16:09:00 2015 +0100 Bug 7981: Remove HomeOrHoldingBranchReturn syspref This patch removes HomeOrHoldingBranchReturn syspref and makes circ/returns.pl respect branch circulation rules from C4::Circulation::GetBranchItemRule. Also transfer slip notice should reflect this. Default should always be to return item to home branch. Test plan: - make sure syspref 'AutomaticItemReturn' is set to 'false' - unset 'Default checkout, hold and return policy' or set 'Return policy' to 'Item returns home' - checkout an item and do a checkin from different branch than items homebranch - verify that you're prompted with a transfer message to item's home branch and that print slip matches - set 'Return policy' to 'Item returns to issuing library' - do a checkout and a checkin from branch different than item's home branch - verify that you're not prompted with a transfer message and that holding library is your current branch Signed-off-by: Kyle M Hall Follow-up: - Added 3 tests in t/db_dependent/Circulation_Branches.t to test AddReturn policies - Removed HomeOrHoldingBranchReturn from sysprefs.sql - Added notice on removing syspref in updatedatabase QA edits: - removed trailing whitespace in tests - moved branchname lookup from returns.pl to template Signed-off-by: Jonathan Druart Signed-off-by: Mirko Tietgen Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Circulation.pm | 35 +++--- C4/UsageStats.pm | 1 - Koha.pm | 2 +- circ/returns.pl | 16 ++- installer/data/mysql/sysprefs.sql | 1 - installer/data/mysql/updatedatabase.pl | 10 ++ .../en/modules/admin/preferences/circulation.pref | 7 -- .../intranet-tmpl/prog/en/modules/circ/returns.tt | 10 +- t/db_dependent/Circulation_Branch.t | 124 +++++++++++++++++--- 9 files changed, 153 insertions(+), 53 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 11 18:07:25 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 11 Jun 2015 16:07:25 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-147-g83da81e Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 83da81e0ce2116bbcfd6581a58e3f50dbbfcc3f1 (commit) via bba78196d36b80d5f89cff6c86cb842bed6b259b (commit) from 4d417b9a2ea278ad203beb6e90f7da4d79f487df (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 83da81e0ce2116bbcfd6581a58e3f50dbbfcc3f1 Author: Jonathan Druart Date: Thu Jun 4 16:28:08 2015 +0200 Bug 14029: Provide 'clear' link to empty reports search filters Patch adds a 'clear' link next to the 'Apply filters' button to empty out the form fields. To test: - go to the reports module - make sure you have some saved reports - search your saved reports using the author, keyword and date filters - verify searching works as expected - verify the new 'clear' link works as expected Tested couner patch, followed test plan, works as expected. QA tools ok. Signed-off-by: Marc V?ron Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit bba78196d36b80d5f89cff6c86cb842bed6b259b Author: Kyle M Hall Date: Tue Nov 25 10:59:01 2014 -0500 Bug 13336 - Add time to date column for patron circulation history Some librarians have expressed that it would be very helpful to have the hours displayed in the date column for a patron's circulation history. The time an action took place can be vital to tracking down which librarians were working at the time a given circulation action took place. Test Plan: 1) View a patron's circulation history 2) Note the Date column has no hour/minute 3) Apply this patch 4) Reload the page 5) Note the hour and minutes now display Signed-off-by: David Roberts Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: koha-tmpl/intranet-tmpl/prog/en/modules/members/readingrec.tt | 2 +- .../intranet-tmpl/prog/en/modules/reports/guided_reports_start.tt | 5 ++++- reports/guided_reports.pl | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 11 19:37:34 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 11 Jun 2015 17:37:34 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-148-gcc7b795 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via cc7b795f840e671e9ed14e2833881d18630e3ce6 (commit) from 83da81e0ce2116bbcfd6581a58e3f50dbbfcc3f1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cc7b795f840e671e9ed14e2833881d18630e3ce6 Author: Matthias Meusburger Date: Wed May 27 11:52:10 2015 +0200 Bug 14280: Add branches fields to discharges letters Currently, when generating a discharge letter, branches fields are not translated in the letter (<>, <>, etc.) This patch fixes that. How I tested: - Set syspref 'useDischarge' to 'allow' - Go to Home > Tools > Notices & Slips - Edit DISCHARGE, add to 'Email message':

<>
<>
<>
<>
<> <>

- Go to detail page of a patron > discharge - Click 'Generate discharge' - Verify that the PDF contains the information above. Signed-off-by: Marc V?ron Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: Koha/Borrower/Discharge.pm | 2 +- members/discharge.pl | 2 +- opac/opac-discharge.pl | 6 +++++- 3 files changed, 7 insertions(+), 3 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 11 22:04:21 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 11 Jun 2015 20:04:21 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-51-g1ae3729 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 1ae372980b11381bae8c32d3f8afd2e9382d50d9 (commit) via 47159b672e8328b66673fb9253bbecb75a5a69dd (commit) from a47a89fa472e434f0dafccd991fa7991d5efe830 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1ae372980b11381bae8c32d3f8afd2e9382d50d9 Author: Jonathan Druart Date: Thu Jun 4 11:35:15 2015 +0200 Bug 14256: (follow-up) Check for unique constraint to regenerate random data There were some issues in the previous patch. This patch fixes the following: - rename $value with $original_value - remove $at_least_one_constraint_failed and $values_ok which make the code unnecessarily complicated - the constraints have to be checked only if no original value is passed - _buildColumnValue created a key to the default value hashref, it broke the test: last BUILD_VALUE if exists( $default_value->{$source} ); Signed-off-by: Tomas Cohen Arazi Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi (cherry picked from commit c5bc51d7d1b6c98e9d897022f91d8e0806cf4524) Signed-off-by: Chris Cormack commit 47159b672e8328b66673fb9253bbecb75a5a69dd Author: Tomas Cohen Arazi Date: Wed Jun 3 15:54:57 2015 -0300 Bug 14256: Check for unique constraint to regenerate random data Unique constraints should be checked when creating random data. Otherwise we get failures when the generated data already exists on the DB. This patch takes advantage of ->unique_constraints() to do the job, looping through all the unique constraints defined for the source. Signed-off-by: Tomas Cohen Arazi Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 395304d3b58d79bb1306c4e6f799548e2d875356) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: t/lib/TestBuilder.pm | 62 ++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 52 insertions(+), 10 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 11 22:51:59 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 11 Jun 2015 20:51:59 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-58-g175cc45 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 175cc45fcb26dba704d20ad1ac5b82c65cd2046e (commit) via 82a72506809b712e88146eb4926781c5247a9091 (commit) via 7c325f095f0b75b84d6aac002b5df4800f36605f (commit) via fc3fe18d05f2d12e1bfb33b279112680b6fd16a9 (commit) via cab96a3c8c4cf1827bf3350107e82da75b8b8856 (commit) via ff0281d40ad9bcff563a595082b051dd4304ffc2 (commit) via 98956a99c05160d215bf637516c0091c39a1040c (commit) from 1ae372980b11381bae8c32d3f8afd2e9382d50d9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 175cc45fcb26dba704d20ad1ac5b82c65cd2046e Author: Jonathan Druart Date: Wed Apr 8 15:24:50 2015 +0200 Bug 13970: Remove category_type related code Working on bug 13497 and bug 9314, I run into some Koha vestiges. The category_type parameter should not be passed to memberentry. On creating a new patron, the categorycode should be passed, and on editing, it's useless. We can work with the borrowernumber and retrieve these values. Details of the changes: - members-toolbar.inc: Remove the category_type parameter passed to memberentry.pl - memberentrygen.tt: Just remove the useless category_type parameter on editing a patron. Also remove the unused one passed to guarantor_search.pl. - tables/members_results.tt: the borrowernumber is enough to edit a patron. - memberentry.pl: check_categorytype is never used in the template, all the process to calculate/retrieve it is unnecessary. - members/nl-search.tt: The borrowernumber is enough to edit a patron. Test plan: Try to create and edit patrons and verify that - the guarantor search still work - the form (memberentry) behave as before Edit a patron from the nl-search.pl script (Magnus?) Signed-off-by: Bernardo Gonzalez Kriegel On top of 9314 (13497 already pushed) No evident regressions found, add/edit patron works, search/set guarantor works. Cant test nl-patron.pl save for exec it. prove -v t/NorwegianPatronDB.t runs No koha-qa errors Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit c34569480884a543d19f3e87d13153cc771fa135) Signed-off-by: Chris Cormack commit 82a72506809b712e88146eb4926781c5247a9091 Author: Jonathan Druart Date: Wed Apr 8 13:29:28 2015 +0200 Bug 9314: Remove useless code related to the type_only parameter Since the pref AddPatronLists has been removed in bug 13497, the code related to type_only and category_type in memberentry.pl is useless. Test plan: Confirm you don't the information message. You can also confirm that the message was wrong and nothing was saved. Signed-off-by: Bernardo Gonzalez Kriegel Dead code removed, no errors Think that bug description can be updated to commit message Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 9d793b2f7e229251887e96c13c1ad6cb9410de38) Signed-off-by: Chris Cormack commit 7c325f095f0b75b84d6aac002b5df4800f36605f Author: Kyle M Hall Date: Fri Jun 5 08:06:29 2015 -0400 Bug 14338: Unable to delete patron images The call to RmPatronImage is still passing cardnumber as its parameter instead of borrowernumber. Test Plan: 1) Upload a patron image 2) Ensure the card number is not the same as the borrower number 3) Attempt to delete patron image -- Image will remain 4) Apply this patch 5) Attempt to delete patron image -- Image will be removed 6) run koha qa test tools Signed-off-by: Mark Tompsett Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 721a77e6696c26efedd1955569a00e1dff2aa6b8) Signed-off-by: Chris Cormack commit fc3fe18d05f2d12e1bfb33b279112680b6fd16a9 Author: Jonathan Druart Date: Fri May 22 13:11:19 2015 +0200 Bug 13265: Use sessionStorage to store searches instead of cookies This is a counter patch. The idea is to provide a permanent solution for the cookie length issue we occurred on storing the searches (intranet side). Test plan: Launch as many searches as you can (don't forget to sleep). You should not get any error. Confirm there is no regression using the results browser. Tested with 6 parralel searches in different tabs (with alternatively browising up and down). No problems found. Signed-off-by: Marc V?ron Signed-off-by: Katrin Fischer Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 41b9687d975a3c2a54cc28229d4ba76edf175de9) Signed-off-by: Chris Cormack commit cab96a3c8c4cf1827bf3350107e82da75b8b8856 Author: Aleisha Date: Tue Jun 9 02:02:55 2015 +0000 Bug 14360: Unescaped variable causes alert pop-up To test: 1) Create a list in the OPAC, name it: 2) Delete the list 3) Confirm deletion 4) See the alert say 'Hello' 5) Apply patch 6) Recreate list with same name 7) Delete list 8) Confirm deletion and alert no longer pops up Signed-off-by: Katrin Fischer Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 9bef8f8738492564af7da78cba841366c70ada3c) Signed-off-by: Chris Cormack commit ff0281d40ad9bcff563a595082b051dd4304ffc2 Author: Aleisha Date: Mon Jun 8 02:30:23 2015 +0000 Bug 14360: Unescaped variable causes alert Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert. To test: 1) Go to URL such as ... /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 2) Notice pop-up box with alert 3) Apply patch, refresh page 4) Notice alert is gone Signed-off-by: Katrin Fischer Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 9e920f7479df6d36db3e3450d6e6c2524fa9fe56) Signed-off-by: Chris Cormack commit 98956a99c05160d215bf637516c0091c39a1040c Author: Mark Tompsett Date: Wed Apr 15 01:02:08 2015 -0400 Bug 10625: Inventory/Stocktaking tool cannot handle windows file uploads The current code uses $barcode = ; logic. This reads until \n, as far as I can tell. EOL is indicated by \n, \r, and \r\n depending on OS and software. So, to this end, rather than File::Slurp (which is a potential memory hog, which is already an issue with no filters), a loop to pre-read the barcodes was written. This loop includes: $barcode =~ s/\r/\n/g; $barcode =~ s/\n\n/\n/g; my @data = split(/\n/, $barcode); push @uploadedbarcodes, at data; So, that means that lines ending in \n would have it stripped and pushed into the uploaded barcodes array. Lines ending in \r would likely be read as one giant block, have everything converted to single \n's and then using a split, the set of barcodes are pushed into the uploaded barcodes array. Lines ending in \r\n would get that stripped and pushed into the uploaded barcodes array. It is then the uploaded barcodes array that is looped over for validating the barcodes. TEST PLAN --------- 1) Back up your database 2) Download the three sample files (or create your own) 3) Log in to staff client 4) Create a branch with no inventory. 5) Home -> Tools -> Inventory/Stocktaking 6) Browse for your '\r' test file. 7) Limit to just that branch 8) Click 'Submit' -- Confirm expected errors 9) Repeat steps 5-8 with the '\n' test file. 10) Repeat steps 5-8 with the '\r\n' test file. -- one of these repetitions should have problems. 11) Apply patch 12) Repeat steps 5-8 for each of the 3 test files. -- there should be no issues. 13) run koha qa test tools. Note: This is a tweak based on Jonathan Druart's comment #16 I have reset it to needs sign off again. Followed test plan. Works as expected. qa OK. Signed-off-by: Marc V?ron Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi (cherry picked from commit d75a751d49ad65b007572e02320735d2b02c9e1f) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: koha-tmpl/intranet-tmpl/js/browser.js | 80 ++++++++++---------- .../prog/en/includes/members-toolbar.inc | 22 ++---- .../prog/en/modules/members/memberentrygen.tt | 13 ++-- .../prog/en/modules/members/moremember.tt | 2 +- .../prog/en/modules/members/nl-search.tt | 8 +- .../en/modules/members/tables/members_results.tt | 2 +- .../en/modules/opac-authoritiessearchresultlist.tt | 6 +- .../opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 4 +- members/memberentry.pl | 15 +--- tools/inventory.pl | 10 ++- tools/picture-upload.pl | 4 +- 11 files changed, 74 insertions(+), 92 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Sun Jun 14 23:02:57 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Sun, 14 Jun 2015 21:02:57 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-60-gbb86b74 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via bb86b74d186d7ea9652527f7c7db24f96b08878f (commit) via 5bd077b94701434a6f6a1ae8eb8b492ad3cd0d80 (commit) from 175cc45fcb26dba704d20ad1ac5b82c65cd2046e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bb86b74d186d7ea9652527f7c7db24f96b08878f Author: Indranil Das Gupta Date: Mon May 25 05:25:04 2015 +0530 Bug 14206: Adds test for getletter() call from overdue_notices.pl Adds missing test for getletter() when called from overdue_notices.pl Test plan ========= 1/ apply this patch 2/ run prove -v t/db_dependent/Letters.t all tests should pass, especially test #40 which tests call from overdue_notices.pl Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit c07f83f643e6b8820d90487a23e91e9b062a5cd6) Signed-off-by: Chris Cormack commit 5bd077b94701434a6f6a1ae8eb8b492ad3cd0d80 Author: Indranil Das Gupta Date: Fri May 22 03:49:10 2015 +0530 Bug 14206: Adds delete function for non email templates C4::Letters::getletter() is called in tools/letter.pl by the function delete_confirm() to display the selected notice for deletion. Due to current implementation of getletter(), a notice that does not use the 'email' template (but uses any/all of the other templates - sms, print or phone) can't be deleted from the staff client. This patch adds deletion capability for notices that do not use email template, but uses any/all of the other templates i.e. sms, print or phone. This also adds 2 tests to t/db_dependent/Letters.t for testing both conditions - a) when message_transport_type is specified b) when it is not. Test plan ========= 1/ Go to Tools -> Notices & Slips. Add a new notice only for print, leave 'Library' and 'Koha module' options as default selections. Enter 'KOHA_14206' and 'Koha Test 14206' against Code and Name respectively, and 'Test' and 'Test Message' for subject and body. Leave the Email, Phone and SMS tabs blank. Save the notice. 2/ On the notices listing page the new notice will be listed. Try to delete it. It will load the 'Delete notice' dialog form, but the table will not show any data under s - 'Library', 'Module', 'Code' or 'Name'. 3/ Click the "Yes, delete" button. The page will be submitted and the Notices listing reloaded. The print-only KOHA_14206 notice should continue to exist. This is *wrong*. 4/ Apply this patch 5/ Reload the listings page and click on the 'Delete' link for Notice KOHA_14206. This time, it should show the data under 'Module', 'Code' or 'Name' at least. 6/ Click on 'Yes, delete'. The page should submit and the listing page reload. This time KOHA_14206 will be gone. 7/ Run prove -v t/db_dependent/Letters.t All tests should PASS without any error. Followed test plan. Works as expected. Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 8895caa33985bbb0cad9b011c4706d4591d2869b) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: C4/Letters.pm | 7 ++++--- t/db_dependent/Letters.t | 17 ++++++++++++++++- 2 files changed, 20 insertions(+), 4 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Sun Jun 14 23:20:30 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Sun, 14 Jun 2015 21:20:30 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-61-g91c377f Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 91c377f2fefacf621b20712e580dedb4147e220b (commit) from bb86b74d186d7ea9652527f7c7db24f96b08878f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 91c377f2fefacf621b20712e580dedb4147e220b Author: Jonathan Druart Date: Tue Apr 28 11:26:44 2015 +0200 Bug 11941: Add link to patron lists from the patron home page The patron lists are only accessible from the tools module, which is not easily accessible when you are in the patron module. Test plan: Go on the patron home page. In the toolbar, you should see a link to the patron lists. NOTE: Tweaked button to a to get the click to work. Signed-off-by: Mark Tompsett Signed-off-by: Liz Rea Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 27ef1410a7784577149bed6a466937c7ded6ba70) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: koha-tmpl/intranet-tmpl/prog/en/includes/patron-toolbar.inc | 3 +++ 1 file changed, 3 insertions(+) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 17 14:53:52 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Wed, 17 Jun 2015 12:53:52 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-151-gd56a275 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via d56a275c0d101e7969192ef326ceaa64cacf83d8 (commit) via 38048bc420ffa6f2a5a73287fdff5e2d8cbe63ef (commit) via 2fe241cc0f774799b8dca329d41d03f2217ffcaa (commit) from cc7b795f840e671e9ed14e2833881d18630e3ce6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d56a275c0d101e7969192ef326ceaa64cacf83d8 Author: Jonathan Druart Date: Fri May 22 11:58:18 2015 +0200 Bug 14070: Prevent to save a letter if an error occurred On saving a letter, if the title or the content of a template is not defined, a JS alert is raised. But the form is submitted anyway. This patch prevent the form to be submitted. Test plan: - Create or edit a letter - Fill the title for a template, not the content - Save - Confirm you get the alert and that the form is not submitted http://bugs.koha-community.org/show_bug.cgi?id=14070 Signed-off-by: Indranil Das Gupta Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 38048bc420ffa6f2a5a73287fdff5e2d8cbe63ef Author: Katrin Fischer Date: Mon Jun 8 01:49:24 2015 +0200 Bug 14351: Remove given-when from opac-search.pl Reformats given-when to if-elsif-else in opac-search.pl to remove the experimental feature and with it a lot of warnings from the logs. To test: - Do several different advanced searches with and without expanded search options - Verify the link back to the search appears above the results list and works correctly See also: test plan on bug 13307 NOTE: Even installed firefox plug in to edit cookies to trigger else case. :) Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 2fe241cc0f774799b8dca329d41d03f2217ffcaa Author: Katrin Fischer Date: Sat Jun 6 14:34:57 2015 +0200 Bug 14350: Missing statement in kohastructure.sql - DROP TABLE IF EXISTS borrower_sync Reported by Jonathan on bug 11401: DROP TABLE IF EXISTS borrower_sync; is missing in installer/data/mysql/kohastructure.sql To test: - Run the web installer and confirm all tables are created correctly Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: installer/data/mysql/kohastructure.sql | 1 + koha-tmpl/intranet-tmpl/prog/en/modules/tools/letter.tt | 8 ++++++-- opac/opac-search.pl | 15 ++++++++------- 3 files changed, 15 insertions(+), 9 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 18 00:11:27 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Wed, 17 Jun 2015 22:11:27 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-62-g6975ac1 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 6975ac1db7aebbc2d8f90379f66ad5d14f9f0cbe (commit) from 91c377f2fefacf621b20712e580dedb4147e220b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6975ac1db7aebbc2d8f90379f66ad5d14f9f0cbe Author: Katrin Fischer Date: Sat Jun 6 14:34:57 2015 +0200 Bug 14350: Missing statement in kohastructure.sql - DROP TABLE IF EXISTS borrower_sync Reported by Jonathan on bug 11401: DROP TABLE IF EXISTS borrower_sync; is missing in installer/data/mysql/kohastructure.sql To test: - Run the web installer and confirm all tables are created correctly Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 2fe241cc0f774799b8dca329d41d03f2217ffcaa) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: installer/data/mysql/kohastructure.sql | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 18 00:21:10 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Wed, 17 Jun 2015 22:21:10 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-63-g0ba2e45 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 0ba2e45448ff078de897b5eebd1acce5557b8a34 (commit) from 6975ac1db7aebbc2d8f90379f66ad5d14f9f0cbe (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0ba2e45448ff078de897b5eebd1acce5557b8a34 Author: Katrin Fischer Date: Mon Jun 8 01:49:24 2015 +0200 Bug 14351: Remove given-when from opac-search.pl Reformats given-when to if-elsif-else in opac-search.pl to remove the experimental feature and with it a lot of warnings from the logs. To test: - Do several different advanced searches with and without expanded search options - Verify the link back to the search appears above the results list and works correctly See also: test plan on bug 13307 NOTE: Even installed firefox plug in to edit cookies to trigger else case. :) Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi (cherry picked from commit 38048bc420ffa6f2a5a73287fdff5e2d8cbe63ef) Signed-off-by: Chris Cormack ----------------------------------------------------------------------- Summary of changes: opac/opac-search.pl | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 18 09:28:38 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 18 Jun 2015 07:28:38 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-2-g1eb03a7 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via 1eb03a7f81110429bf71561c24b7251e4e4cd9fb (commit) via 12132f1f57bb6e2a88f9c504f195193f49578753 (commit) from 4ffa5ff5cdb7a9bfa63de43bc6cb468834bea397 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1eb03a7f81110429bf71561c24b7251e4e4cd9fb Author: Martin Renvoize Date: Tue Jan 6 06:54:00 2015 +0000 Bug 13521: Add missing semicolon Add a missing semicolon to the end of a template variable assignment line. This patch should not affect operation. Note: With Bug 13499 we did a non-destructive perltidy, as such we only affected indenting and whitespace to maintain blame history. However, a number of minor code issues were also highlighted, in this series of patches I hope to correct other minor style issues. Signed-off-by: Chris Cormack Signed-off-by: Jonathan Druart Signed-off-by: Mason James (cherry picked from commit e27969c5028211298bc4006013c0ae184d80ff5d) Signed-off-by: Fridolin Somers commit 12132f1f57bb6e2a88f9c504f195193f49578753 Author: Martin Renvoize Date: Tue Jan 6 06:48:29 2015 +0000 Bug 13521: Removed superflous semicolon Removed an uneeded semicolon from the end of an 'if' block. This should not affect operation of the script. Note: With Bug 13499 we did a non-destructive perltidy, as such we only affected indenting and whitespace to maintain blame history. However, a number of minor code issues were also highlighted, in this series of patches I hope to correct other minor style issues. Signed-off-by: Chris Cormack Signed-off-by: Jonathan Druart Signed-off-by: Mason James (cherry picked from commit c9d12187da005391b4cb8358e7adbcbab105e9ff) Signed-off-by: Fridolin Somers ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 18 09:30:36 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 18 Jun 2015 07:30:36 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-3-g314f469 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via 314f4696e2612b051968dcb42cf9cc613ad0361c (commit) from 1eb03a7f81110429bf71561c24b7251e4e4cd9fb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 314f4696e2612b051968dcb42cf9cc613ad0361c Author: Mason James Date: Thu Apr 9 15:33:02 2015 +1200 Bug 12954: Failed login should retain anonymous session (3.16.x) A failed login should not leave the user in a half logged authenticated state, but rather return them to an anonymouse session as per the pre-login attempt state. To replicate error: 1. Try to log in with some nonexisting user id or wrong password in the OPAC 2. Go directly to /opac-user.pl (e.g., enter it in the browser address bar, or just click on the "Log in" link) 3. Observe a DBI error displayed on the screen 4. You are now in the "deadloop" of sorts (opac/opac-user.pl refuses to display the login screen, no matter how many times you try to reload it); to break the deadloop, one needs to: - remove session cookie from the browser (or cause the session to expire in some other way - closing browser window would be probably enough for that) - remove offending session on the server (from mysql sessions table, ..) - log in with proper credentials using some other page (like opac/opac-main.pl right-side panel), which does not involve opac/opac-user.pl being called without "userid" CGI parameter. To test: 1. Test as above, the DBI error should no longer be present 2. Check that search history works across failed and sucessful login attempts Signed-off-by: Chris Cormack Signed-off-by: Jonathan Druart Signed-off-by: Mason James (cherry picked from commit 7f504acc13a361ba93504917498ae955b82ed430) Signed-off-by: Fridolin Somers ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 2 ++ 1 file changed, 2 insertions(+) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Fri Jun 19 16:43:48 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Fri, 19 Jun 2015 14:43:48 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-165-ga80d188 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via a80d188c83be6131c9274a29c5dcc03893c9e617 (commit) via a712f5b7bad38cb9f5ad599fdb063cbe6e49c547 (commit) via a810b1cf59fc0e44ca88b3746b7c0a813703c59c (commit) via f668a46e23746daa18c5fe8c6005a8661553c645 (commit) via b335b7299120f642a0f7d7654937521df8f75ba6 (commit) via 2eaeb708795e7624eb8873b617d4a38d69fa84fc (commit) via c76b6a148b85b27ec0d3c4bea1f78ab30d3df72f (commit) via be35039b55a351c97f2c1f9a5b373cb26ac5e0b0 (commit) via d847b1d92a9df6db2bb5321f032f3ec13d6ba55d (commit) via b740b1b412e11b1d540b243e7b1767cc0c1cb962 (commit) via 688452ad7e9131a53a96bd826e6228e73494fa53 (commit) via 7ab873aaea298c787e93438012fa8792345664f4 (commit) via 892d374b64fa4eed98955d75b517702f78f1ca40 (commit) via 7c0c92807f49ef61aa975e84cf26d42f7dfa425f (commit) from d56a275c0d101e7969192ef326ceaa64cacf83d8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a80d188c83be6131c9274a29c5dcc03893c9e617 Author: Tomas Cohen Arazi Date: Fri Jun 19 11:44:16 2015 -0300 Bug 13993: DBRev 3.21.00.009 Signed-off-by: Tomas Cohen Arazi commit a712f5b7bad38cb9f5ad599fdb063cbe6e49c547 Author: Jonathan Druart Date: Tue May 26 18:10:14 2015 +0200 Bug 13993: Clarify test messages Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit a810b1cf59fc0e44ca88b3746b7c0a813703c59c Author: Amit Gupta Date: Tue Apr 14 14:07:07 2015 +0530 Bug 13993: (3) Transfer order leaves incorrect orderstatus 11) Apply patch (3) 12) Log in to staff client 13) Acquisitions 14) Create a basket for two different vendors 15) Place an order in one vendor's basket. 16) Transfer the order to the other vendor's basket. 17) prove -v t/db_dependent/Acquisition/TransferOrder.t -- This should succeed without intervention. 18) Run koha qa test tools for the last 3 commits. Signed-off-by: Indranil Das Gupta Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit f668a46e23746daa18c5fe8c6005a8661553c645 Author: Mark Tompsett Date: Thu Apr 16 09:14:54 2015 -0400 Bug 13993: (2) Correct poorly transferred orders Added Atomic Update to fix poorly transferred orders TEST PLAN --------- 8) Apply patch (2) 9) Run the database updates $ ./installer/data/mysql/updatedatabase.pl -- This should run without error 10) prove -v t/db_dependent/Acquisition/TransferOrder.t -- This should fail, because the transfer function is still not fixed. Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit b335b7299120f642a0f7d7654937521df8f75ba6 Author: Mark Tompsett Date: Thu Apr 16 08:54:30 2015 -0400 Bug 13993: (1) Add tests to confirm 'new' and 'cancelled' This adds 2 tests to t/db_dependent/Acquisition/TransferOrder.t in order to confirm the order's status is properly marked. TEST PLAN --------- 1) Log into staff client 2) Acquisitions 3) Create a basket for two differing vendors. 4) Place an order in one of the baskets. 5) Transfer the order from one vendor's basket to the others. 6) Apply this patch (1) only 7) prove -v t/db_dependent/Acquisition/TransferOrder.t -- should fail one test: not marked as 'cancelled'. Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 2eaeb708795e7624eb8873b617d4a38d69fa84fc Author: Katrin Fischer Date: Tue Jun 9 02:32:46 2015 +0200 Bug 14215: Change the 'delimiter' syspref description for its wider use Patch changes 'report files' to 'CSV files' as there are more options now for downloading and creating CSV files where this preference is taken into account. To test: - Verify the changed system preference description for 'delimiter' is correct. Signed-off-by: Marc V?ron Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit c76b6a148b85b27ec0d3c4bea1f78ab30d3df72f Author: Fr?d?ric Demians Date: Tue May 26 18:23:11 2015 +0200 Bug 13904: Make unimarc_field_4XX displays usefull 200 subfield data When searching for multivolumes titles, UNIMARC 4xx field plugin displays the title of the biblios (200$a), without giving info about volumes (200 $h $i). It neither doesn't display $e (subtitle) info which could greatly help to disambiguate search result. The displayed title is supposed to link to a biblio record view (MARC / normal). It doesn't work. TO TEST: - On a UNIMARC Koha, add a new biblio record - Call the 4XX plugin from 461/463 field - Search for a biblio record which contains 200$e, and/or 200$h and/or 200$i subfields. - You get a result list, with two issues: 1. $a, $h & $i aren't displayed 2. Biblio title is not a link - Apply the patch, and repeat previous steps. Signed-off-by: Bernardo Gonzalez Kriegel I got a link on fulltitle, but in 'ahie' order (not aehi) Fixed some tabs. Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit be35039b55a351c97f2c1f9a5b373cb26ac5e0b0 Author: Jonathan Druart Date: Tue Mar 24 17:01:30 2015 +0100 Bug 4137: Fix the OPACViewOthersSuggestions behavior This pref does not work at all, the interface let the user choose to list all suggestions, but whatever he chooses the suggestion list is the same. This patch cleans a bit the suggestedby management. There are a lot of cases to test, because linked to 2 prefs: AnonSuggestions and OPACViewOthersSuggestions. 1/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 0 - A non logged in user is not able to make a suggestion. - A logged in user is not able to see suggestions made by someone else. 2/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 1 - A non logged in user is not able to make a suggestion. - A logged in user is able to see suggestions made by someone else. 3/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 0 - A non logged in user is able to make a suggestion. The suggestedby field will be filled with the AnonymousPatron pref value. He is not able to see suggestions, even the ones made by AnonymousPatron. - A logged in user is not able to see suggestions made by someone else. 4/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 1 - A non logged in user is able to make a suggestion. He is able to see all suggestions. - A logged in user is able to see suggestions made by someone else. In all cases a logged in user should be able to search for suggestions (except if he is not able to see them). Signed-off-by: Bernardo Gonzalez Kriegel All use cases tested, work as expected No errors Only comment is perhaps (in the future) a gracefull failure when AnonymousPatron is not set, or has '0' value Message is DBIx::Class::ResultSet::create(): Column 'suggestedby' cannot be null at ... Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit d847b1d92a9df6db2bb5321f032f3ec13d6ba55d Author: Jonathan Druart Date: Wed Apr 22 12:14:24 2015 +0200 Bug 10866: Hide patron's history if intranetreadinghistory is set to not allow If set to "not allow", the intranetreadinghistory pref prevent staff members to access patron's checkout history. But: 1/ The page is still accessible if you know the url 2/ The history can be consulted on the item history page Test plan: 0/ Don't apply this patch 1/ Set the intranetreadinghistory to allow 2/ Go on a patron's checkout history page 3/ Open a new tab and go on a item's checkout history page 4/ Set the intranetreadinghistory to not allow 5/ Refresh both pages => no change 6/ Apply this patch 7/ Refresh both page. On the first page, you should see a warning On the other one, you should see that the patron column is not displayed anymore. Followed test plan, results were as expected. Signed-off-by: Marc V?ron http://bugs.koha-community.org/show_bug.cgi?id=10886 Signed-off-by: Katrin Fischer Nice addition! Signed-off-by: Tomas Cohen Arazi commit b740b1b412e11b1d540b243e7b1767cc0c1cb962 Author: Magnus Enger Date: Wed Jun 17 14:36:44 2015 +0200 Bug 14403: Remove warn in Koha::NorwegianPatronDB Line 99 has an unconditional warn, left over from development: warn "$combined_username => $combined_password"; This patch deletes the line i question. To test: No testing needed, just have a look at the diff and see that it makes sense to delete the warn. Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 688452ad7e9131a53a96bd826e6228e73494fa53 Author: Katrin Fischer Date: Mon Jun 8 05:04:56 2015 +0200 Bug 13427: jQuery Timepicker is not translated on returns page The returns page was missing an include with the translated strings. To test: - Install an additional language, like de-DE - Confirm the bug on the returns page - Make sure SpecifyReturnDate is activated - Open the datepicker, look at the time settings - Apply the patch - Reinstall the language, no update of the po files is needed - Retest - Verify, that now the time settings are translated Signed-off-by: Josef Moravec Works as expected Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 7ab873aaea298c787e93438012fa8792345664f4 Author: Katrin Fischer Date: Mon Jun 8 03:18:35 2015 +0200 Bug 11467: Bug Untranslatable srings in opac-detail.tt (IDreamBooks*, OpacBrowseResults) Patch marks several strings in the Javascript on the OPAC detail and result page for translation. 1) IDreamBooks* - Activate the 3 IDreamBooks* system preferences - Check the 'cloud' and additional content shows up correctly on the detail and result pages - Verify everything works as expected and the same as without the patch 2) OpacBrowseResults - Activate OpacBrowseResults - Do various searches - Verify the nex, previous, browse result list features still work the same as without the patch Bonus: Check new strings appear in the .po files by updating one language with the patch applied (perl translate update de-DE) NOTE: Really should have read the test plan more closely. I couldn't find the 'Go to detail:' section, until I clicked 'Browse results'. Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 892d374b64fa4eed98955d75b517702f78f1ca40 Author: Aleisha Date: Tue Jun 9 18:20:52 2015 +0000 Bug 11011: Rephrasing 'in keyword' in OPAC authority search Using 'in the complete record' rather than 'in keyword'. I think this fits well as it seems that this means the search looks anywhere in the record. To test: 1) In the OPAC, click on Authority Search 2) Notice that in the drop-down menu for the 'Where:' field, there is an 'in keyword' option. 3) Apply patch 4) Now says 'in the complete record' Signed-off-by: Katrin Fischer Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 7c0c92807f49ef61aa975e84cf26d42f7dfa425f Author: Katrin Fischer Date: Sun Jun 7 23:45:10 2015 +0200 Bug 8686: Raise required version of URI::Escape to 3.31 Raises the minimum required version of URI::Escape from 1.36 to 3.31. TEST PLAN --------- 1) git branch -b bug_8686 origin/master 2) ./koha_perl_deps.pl -a | grep URI -- it will list 1.36 required 3) git bz apply 8686 4) ./koha_perl_deps.pl -a | grep URI -- it will list 3.31 required 5) koha qa test tools NOTE: Also default in Ubuntu 14.04 LTS, not just Wheezy as noted in comment #15. Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signoff based on Nicole's comment (bug 9990 comment 6): "This stops happening if you upgrade URI::Escape to 3.31. We should make it clear in the Perl Modules page that an upgrade is needed." Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Acquisition.pm | 4 +- C4/Auth.pm | 1 - C4/Installer/PerlDependencies.pm | 2 +- Koha.pm | 2 +- Koha/NorwegianPatronDB.pm | 1 - cataloguing/value_builder/unimarc_field_4XX.pl | 8 +++ installer/data/mysql/updatedatabase.pl | 11 ++++ .../prog/en/modules/admin/preferences/admin.pref | 2 +- .../prog/en/modules/catalogue/issuehistory.tt | 26 +++++---- .../cataloguing/value_builder/unimarc_field_4XX.tt | 4 +- .../intranet-tmpl/prog/en/modules/circ/returns.tt | 1 + .../prog/en/modules/members/readingrec.tt | 4 +- .../opac-tmpl/bootstrap/en/includes/usermenu.inc | 12 ++--- .../bootstrap/en/modules/opac-authorities-home.tt | 2 +- .../opac-tmpl/bootstrap/en/modules/opac-detail.tt | 8 +-- .../opac-tmpl/bootstrap/en/modules/opac-results.tt | 4 +- .../bootstrap/en/modules/opac-suggestions.tt | 57 ++++++++++++-------- opac/opac-suggestions.pl | 46 +++++++++++----- t/db_dependent/Acquisition/TransferOrder.t | 8 ++- 19 files changed, 131 insertions(+), 72 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 22 16:36:02 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 22 Jun 2015 14:36:02 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-186-gf86743d Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via f86743d893b61a4609d2f02a175db9944710067e (commit) via 865321f3726c3b6065ef72107017c4171630d140 (commit) via 8c91ca7903846da0cf7a73914a0b78484c0429df (commit) via 0ca21c1e488f150cca74beb9a67b285e5531f3b5 (commit) via 68f0fe7b6f152a6db100525724c1ece507258652 (commit) via 9ed3d83dcbc609e9d658d965257b87bdc42e0606 (commit) via 307f7a064cdaf16bca5a762344563b87651a1664 (commit) via 45c1b8f7b261493c27aa4d734e9795be619c1c70 (commit) via 0cb82c8d02cc4b672b169c8b0261c4bb6360cd00 (commit) via 2b255be22c919b11d690f4dcf8a5e84e93290878 (commit) via 469275fef5f4cfd7b251cd0a8ba2b53009b10f03 (commit) via d3983e563ffbce5c3276108c5840394bcb7b8593 (commit) via 6c94fe52f954f93916993f71c472b068096806da (commit) via 57b01fb655955ac630d6018d03f4d134e7e3e25a (commit) via cd4c959f7226b060f683f5571f030cc2df7539ca (commit) via b6ca2b0cd2d95e8aedbfd7c0c58ace8200620bf1 (commit) via 45dd7754019e8f525c8d52bf33c41016e5ccbfab (commit) via 542b06f065bf550a2a625bbfb34ce73bb65d01a1 (commit) via abd2bc99e886c11fa9abe15ef01c3298d00757cb (commit) via fb51a4bb0f3ac8b42b53579fe3d6d73d0b3438cd (commit) via 703a928b9d81e974d56c306cd0bee3670f243c55 (commit) from a80d188c83be6131c9274a29c5dcc03893c9e617 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f86743d893b61a4609d2f02a175db9944710067e Author: Katrin Fischer Date: Wed Jun 17 12:28:39 2015 +0200 Bug 14401: Zebra index configuration doesn't allow exact search for C. 2 lines in the Zebra configuration files prevent an exact search for C., while all other [A-Z]. searches work correctly. After taking a look at the /etc/zebradb/etc/word-phrase-utf.chr those 2 lines cause the problem: map (^c\.) @ map (^C\.) @ I propose to remove them. To test: - Catalog a record with an item with callnumber: C. - Catalog a record with an item with callnumber: B. - Try seaching for the second using callnum,ext:B. (exact field search) - Verify search works. - Try searching for the other with callnum,ext:C. - Verify no result. - Apply the patch - copy the zebra config file if necessary into the right spot - Reindex - Repeat searches - both should not bring up the correct record. Signed-off-by: Indranil Das Gupta (L2C2 Technologies) Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 865321f3726c3b6065ef72107017c4171630d140 Author: Robin Sheat Date: Wed May 27 12:25:34 2015 +1200 Bug 14394: fix documentation of OpacHiddenItems The current documentation of OpacHiddenItems told people to go and read a file on the server, which most people don't have access to. This replaces it with a link to the wiki. http://bugs.koha-community.org/show_bug.cgi?id=14394 Signed-off-by: Bernardo Gonzalez Kriegel It doesn't apply for some reason. Fixed Added target attribute to open in new window/tab, hope you don't mind. Updated documentation No errors Belongs to Aleisha or Robin? Update assignee please :) Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 8c91ca7903846da0cf7a73914a0b78484c0429df Author: Mark Tompsett Date: Fri Jun 19 09:00:33 2015 -0400 Bug 14422: Typo in updatedatabase.pl TEST PLAN --------- 1) backup db 2) git checkout -b my_3.6.x origin/3.6.x 3) drop db and create blank one 4) git reset --hard origin/3.6.x 5) run web installer 6) set HomeorHoldingBranchReturn system preference to 'holdingbranch'. 7) create a Default checkout, hold rule home -> koha administration -> Circulation and fines rules -- I put 10 checkouts total and clicked 'Save' -- there currently is not 'returnbranch' in default_circ_rules. 8) git reset --hard origin/3.20.x -- or whatever version you apply this to (3.8.x, 3.10.x, 3.14.x, 3.16.x, 3.18.x, or 3.20.x -- 3.21.00.008 deletes the systempreference involved) 9) ./installer/data/mysql/updatedatabase.pl 10) check HomeorHoldingBranchReturn systempreference -- Currently says 'holdingbranch', but the value of 'returnbranch' in default_circ_rules is 'homebranch'. 11) repeat steps 3-8 12) apply this patch 13) repeat steps 9-10 -- Currently says 'holdingbranch', and the value of 'returnbranch' in default_circ_rules is 'holdingbranch'. 14) run koha qa test tools Signed-off-by: Bernardo Gonzalez Kriegel Tested using 3.6.x install, updated to 3.8.x Value is preserved No errors Signed-off-by: Jonathan Druart Note: I haven't followed the test plan, but the fix is trivial. Maybe it could worth to upate 3.21.00.008 and check the value of HomeOrHoldingBranchReturn before deleting it. We could raise a warning if HomeOrHoldingBranchReturn == 'holdingbranch'. Signed-off-by: Tomas Cohen Arazi commit 0ca21c1e488f150cca74beb9a67b285e5531f3b5 Author: Katrin Fischer Date: Mon Jun 8 02:15:03 2015 +0200 Bug 4925: Remove Smithsonian as a delivered z39.50 target Removes the Smithsonian as a target installed with the sample data during installation. Also adds the newer LOC authority targets to files where they were missing. To test: - Verify the Smithsonian has been removed from all translated installers - Verify the files are still valid SQL and install correctly NOTE: There was tiny scope creep which included ensuring there were two Authority z39.50 servers as well. Text files properly reflect the removal. SQL 'source' of SQL files worked properly. Was able to Z39.50 search for all of the 'en'. Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 68f0fe7b6f152a6db100525724c1ece507258652 Author: Jonathan Druart Date: Wed Apr 15 12:39:05 2015 +0200 Bug 10172: Hide some uneeded stuffs on printing a record When printing a record from the OPAC or the staff interface, some uneeded blocks are displayed. OPAC: 1/ Browse results 2/ The view tags (Normal, MARC, ISBD) Intranet: 1/ Marc view link 2/ The Please upload one image link Test plan: On a record detail page (staff and OPAC), print the page and confirm these blocks no longer appear. Signed-off-by: Nick Clemens Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 9ed3d83dcbc609e9d658d965257b87bdc42e0606 Author: Jonathan Druart Date: Fri Jun 19 15:47:58 2015 +0200 Bug 10063: Remove outdated FIXME Signed-off-by: Jonathan Druart Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 307f7a064cdaf16bca5a762344563b87651a1664 Author: Katrin Fischer Date: Mon Jun 8 04:17:53 2015 +0200 Bug 10063: Correct documentation of C4::Members::IsMemberBlocked Rephrased documentation a bit, replacing fine days with the more general term restriction. As IsDebarred checks for existing active restrictions. TEST PLAN --------- 1) apply patch 2) git diff origin/master -- do the changes make sense 3) perldoc C4::Members -- look for the IsMemberBlocked. -- Does it reflect current state 4) koha qa test tools Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Kyle M Hall Signed-off-by: Tomas Cohen Arazi commit 45c1b8f7b261493c27aa4d734e9795be619c1c70 Author: Katrin Fischer Date: Mon Jun 8 02:58:53 2015 +0200 Bug 10119: Add note about CalculateFinesOnReturn to description of finesmode This adds a note to the descrpition of the finesmode system preference mentioning that CalculateFinesOnReturn is another option for charging fines: Note: Fines can also be charged by the CalculateFinesOnReturn system preference. To test: - Search for the finesmode system preference - Verify the new text shows and is correct NOTE: New text appears as expected. You can also just scroll for it on the Circulation preferences tab. Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 0cb82c8d02cc4b672b169c8b0261c4bb6360cd00 Author: Eivin Giske Skaaren Date: Fri Jun 19 13:08:29 2015 +0200 Bug 14421: Corrected example in SMS.pm to working version with hashref. Signed-off-by: Bernardo Gonzalez Kriegel Test: 1) Apply patch 2) perldoc C4/SMS.pm 3) Check fixed argument in example Argument is hashref, POD is now right Added additional space on second arg No errors Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 2b255be22c919b11d690f4dcf8a5e84e93290878 Author: Mark Tompsett Date: Fri Jun 19 11:24:57 2015 -0400 Bug 14425: Typo in C4::Context IsSuperLibrarian perldoc TEST PLAN --------- 1) git checkout -b bug_14425 origin/master 2) perldoc C4::Context /IsSuperlibr -- see it is bad. 3) apply patch 4) perldoc C4::Context /IsSuperLibr -- see it is fixed. 5) koha qa test tools. Signed-off-by: Bernardo Gonzalez Kriegel Fix typo, no errors. Signed-off-by: Jonathan Druart % git grep -i IsSuperLibrarian|wc -l 55 % git grep IsSuperLibrarian|wc -l 55 Signed-off-by: Tomas Cohen Arazi commit 469275fef5f4cfd7b251cd0a8ba2b53009b10f03 Author: Nicole C. Engard Date: Fri Jun 19 11:32:18 2015 -0500 Bug 14424: Tools Help Files for 3.20 This patch updates and adds help files to 3.20+ To test: * Visit batch record modification and note that there is a help file and confirm the text is right * Visit export data, import borrowers, stage marc for import, and log viewer * Confirm updated text is right Signed-off-by: Tomas Cohen Arazi Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit d3983e563ffbce5c3276108c5840394bcb7b8593 Author: Nicole C. Engard Date: Fri Jun 19 11:08:56 2015 -0500 Bug 14424: Admin Help Files for 3.20 This patch updates some of the help files for Admin areas in 3.20+ To test: * Visit * Frameworks, add field, add subfield * Column settings * Patron attributes * Circ rules * Confirm help loads up and is right Signed-off-by: Tomas Cohen Arazi Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 6c94fe52f954f93916993f71c472b068096806da Author: Katrin Fischer Date: Wed Jun 10 00:11:19 2015 +0200 Bug 11458: Improve confusing description of syspref 'gist' The description of "gist" was: "Default tax rates are ... (enter in numeric form, 0.12 for 12%. First is the default. If you want more than 1 value, please separate with |) " The doubled use of "default" is confusing here. With the patch it reads: Tax rates are ... Enter in numeric form, 0.12 for 12%. The first item in the list will be selected by default. For more than one value, separate with | (pipe) To test: - Verify that the gist system preference description is correct. The use of "default" is confusing here. Signed-off-by: Aleisha Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 57b01fb655955ac630d6018d03f4d134e7e3e25a Author: Chris Cormack Date: Fri Jun 19 08:35:07 2015 +1200 Bug 14412: SQL injection possible There is a SQL Injection vulnerability in the /cgi-bin/koha/opac-tags_subject.pl script. By manipulating the variable 'number', the database can be accessed via time-based blind injections. The following string serves as an example: /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) To exploit the vulnerability, no authentication is needed To test 1/ Turn on mysql query logging 2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 3/ Check the logs notice something like SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 PROCEDURE ANALYSE (EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 4/ Apply patch 5/ Hit the url again 6/ Notice the log now only has SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer Confirmed the problem and the fix for it. Signed-off-by: Tomas Cohen Arazi commit cd4c959f7226b060f683f5571f030cc2df7539ca Author: Chris Cormack Date: Fri Jun 19 11:41:45 2015 +1200 Bug 14418: More XSS vulnerabilities in opac-shelves.pl To test: 1/ Hit a url like /cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="> Where the id is a valid shelf id 2/ Notice the js is executed 3/ Apply patch 4/ Reload page 5/ Notice input is now escaped on display Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer Tested in Debian, couldn't reproduce the alert in Iceweasel, but in Chromium. Patch fixes it. Signed-off-by: Tomas Cohen Arazi commit b6ca2b0cd2d95e8aedbfd7c0c58ace8200620bf1 Author: Chris Cormack Date: Fri Jun 19 11:30:22 2015 +1200 Bug 14418: XSS flaw in opac-shelves.pl To test: 1/ Create a list and add at least one item to it 2/ Hit a url like http://192.168.2.18/cgi-bin/koha/opac-shelves.pl?viewshelf=7&sort=author&direction=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E Where the shelf id is the number of the list you created, notice the js is executed 3/ Apply the patch 4/ Reload the page notice the js is now escaped Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit 45dd7754019e8f525c8d52bf33c41016e5ccbfab Author: Chris Cormack Date: Fri Jun 19 09:25:22 2015 +1200 Bug 14418: XSS Vulnerabilities in OPAC search Fix for /cgi-bin/koha/opac-search.pl To test 1/ Hit /cgi-bin/koha/opac-search.pl?tag="> as the name 2/ Go to /cgi-bin/koha/virtualshelves/shelves.pl in the staff client Note the js is executed 3/ View http://192.168.2.18:8080/cgi-bin/koha/svc/virtualshelves/search?template_path=virtualshelves/tables/shelves_results.tt&type=1 Notice the html is not escaped 4/ Apply patch 5/ View http://192.168.2.18:8080/cgi-bin/koha/svc/virtualshelves/search?template_path=virtualshelves/tables/shelves_results.tt&type=1 Notice the html is now escaped 6/ View /cgi-bin/koha/virtualshelves/shelves.pl - no more exploit Signed-off-by: Jonathan Druart Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi ----------------------------------------------------------------------- Summary of changes: C4/Context.pm | 2 +- C4/Members.pm | 14 +- C4/SMS.pm | 4 +- etc/zebradb/etc/word-phrase-utf.chr | 2 - .../mysql/de-DE/optional/sample_z3950_servers.sql | 3 +- .../mysql/de-DE/optional/sample_z3950_servers.txt | 3 +- .../mysql/en/optional/sample_z3950_servers.sql | 3 +- .../mysql/en/optional/sample_z3950_servers.txt | 1 - .../mysql/es-ES/optional/sample_z3950_servers.sql | 11 +- .../mysql/es-ES/optional/sample_z3950_servers.txt | 3 +- .../mysql/pl-PL/optional/sample_z3950_servers.sql | 3 +- .../mysql/pl-PL/optional/sample_z3950_servers.txt | 1 - installer/data/mysql/updatedatabase.pl | 2 +- koha-tmpl/intranet-tmpl/prog/en/css/print.css | 6 + .../en/modules/admin/preferences/acquisitions.pref | 4 +- .../en/modules/admin/preferences/circulation.pref | 1 + .../prog/en/modules/admin/preferences/opac.pref | 2 +- .../prog/en/modules/catalogue/detail.tt | 2 +- .../prog/en/modules/help/admin/biblio_framework.tt | 181 +++++++++++++++++++- .../prog/en/modules/help/admin/columns_settings.tt | 8 +- .../modules/help/admin/marc_subfields_structure.tt | 120 ++++++------- .../prog/en/modules/help/admin/marctagstructure.tt | 15 +- .../en/modules/help/admin/patron-attr-types.tt | 1 + .../prog/en/modules/help/admin/smart-rules.tt | 12 +- .../help/tools/batch_record_modification.tt | 30 ++++ .../prog/en/modules/help/tools/export.tt | 2 +- .../prog/en/modules/help/tools/import_borrowers.tt | 14 +- .../en/modules/help/tools/stage-marc-import.tt | 36 ++-- .../prog/en/modules/help/tools/viewlog.tt | 2 - .../en/modules/virtualshelves/addbybiblionumber.tt | 8 +- .../virtualshelves/tables/shelves_results.tt | 2 +- koha-tmpl/opac-tmpl/bootstrap/css/print.css | 2 +- .../bootstrap/en/modules/opac-addbybiblionumber.tt | 8 +- .../opac-tmpl/bootstrap/en/modules/opac-results.tt | 6 +- .../opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 4 +- koha-tmpl/opac-tmpl/bootstrap/less/print.less | 5 + opac/opac-tags_subject.pl | 4 +- 37 files changed, 364 insertions(+), 163 deletions(-) create mode 100644 koha-tmpl/intranet-tmpl/prog/en/modules/help/tools/batch_record_modification.tt hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 22 16:51:48 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 22 Jun 2015 14:51:48 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-194-g1ea3465 Message-ID: This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 1ea3465d30b1b0fcd12a5592ce5a4c34a9a58462 (commit) via b9c4061479235d0d79ecbd917b015db5441d8118 (commit) via 67881bd907b4c28843c73bb26b051a69dd489094 (commit) via 8ce79c4c8bb721f9f06d7b1928116a0e7e6cec18 (commit) via 219f7b5c8fe59034fc7aff1ab81e42bc8cb6eba2 (commit) via 6d9d66e32afaef73cbf2a33ce58d49f373e99dd8 (commit) via da8ec2d37a43c87ad5b087511dd8e4ce082f022f (commit) via 3ebc081962247ce0c598da810451c459909842bc (commit) from f86743d893b61a4609d2f02a175db9944710067e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 1ea3465d30b1b0fcd12a5592ce5a4c34a9a58462 Author: Nicolas Legrand Date: Thu May 28 16:32:29 2015 +0200 Bug 14290: Add a table foot to circulation matrix Reprint circulation matrix header in a footer helps editing entries in big matrix. Otherwise, the header disapears and it's hard to tell which columns we're editing. Test plan : try do add, modify or delete some entries in the circulation matrix, everything should work as expected. Patch works as expected. Signed-off-by: Marc V?ron Signed-off-by: Katrin Fischer Signed-off-by: Tomas Cohen Arazi commit b9c4061479235d0d79ecbd917b015db5441d8118 Author: Bernardo Gonzalez Kriegel Date: Wed Jun 17 13:22:49 2015 -0300 Bug 12616: Locale in subscriptions not preselecting correctly There is a problem if a language is present but don't have ISO639-2 code. Locale pulldown on serial suscription is malformed. To reproduce on master: a) remove some entries on language_rfc4646_to_iso639 b) go to Serials > New suscription c) Put any value on Vendor and record, press Next>> d) Look at locale pulldown, it must default to last removed lang from a), also other langs has no value and are also 'selected' on html To test: 1) Reproduce the problem 2) Apply the patch 3) Add New suscription, pulldown must be fixed NOTE: Deleted Urdu and Chinese. Master had both "selected" in the HTML. Applied patch, neither were added. Defaults to first item, which is blank meaning English. Signed-off-by: Mark Tompsett Signed-off-by: Jonathan Druart Signed-off-by: Tomas Cohen Arazi commit 67881bd907b4c28843c73bb26b051a69dd489094 Author: Katrin Fischer Date: Mon Jun 8 00:55:22 2015 +0200 Bug 8330: Overdue email link contains untranslatable 'Overdue:' The translation scripts don't pick up text from href attributes, which is what we want, with a small exception for this script. Patch uses a TT trick to make the Overdue: in the subject of the mailto: link translatable. Regression test: - Make sure you have an overdue item - Go to Circulation > Overdues - Verify the [email] link works and a subject with 'Overdue: ' is generated - Apply patch and repeat steps Bonus: Verify the branch name now shows instead of the branchcode in the table To test translatability: - cd misc/translator - perl translate update de-DE - Open file po/de-DE-staff-prog.po - Search for Overdue: - Translate string, remove 'fuzzy' marker - perl translate install de-DE - Test again, subject should now be translated Signed-off-by: Nick Clemens <nick at quecheelibrary.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> commit 8ce79c4c8bb721f9f06d7b1928116a0e7e6cec18 Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Sat Jun 6 15:17:40 2015 +0200 Bug 14249: Improve sample discharge letter (en) Improves formatting and wording as suggested by Nicole on bug 14249. To test: - Activate UseDischarge - Request a discharge from a patron account in the OPAC - Confirm discharge from the start page of the staff interface - Download PDF from the patron account in the OPAC - Verify the displayed text is formatted and reads correctly 06/06/2015 15:18 Discharge confirmation Midway certifies that the following borrower: Firstname surname (cardnumber: 1) has returned all items. Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Messages is Ok, no errors I think you cant modify message using embeded CSS, html -> pdf procedure ignores CSS. Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> commit 219f7b5c8fe59034fc7aff1ab81e42bc8cb6eba2 Author: Nick Clemens <nick at quecheelibrary.org> Date: Tue Jun 9 21:51:44 2015 -0400 Bug 14371: Facets should be sorted by label (displayed) not title (link value) This patch changes one small line in catalogue/search.pl and opac/opac-search to sort facets by: facet_label_value instead of facet_title_value To test: 1 - Perform a search with results in two branches e.g. Centerville (code CPL) and Fairfield (code FPL) 2 - Notice that branch facets appear correctly sorted 3 - Rename the branches Centervile->Zebra and Fairfeild->Aardvark (but don't change codes) 4 - Repeat original search 5 - Note that branch facets are no longer correctly sorted 6 - Apply patch 7 - Repeat search 8 - Facets should be correctly sorted 9 - Test in both staff and opac search 10 - Ensure there are no unintended consequences/regressions Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Work as described, staff AND opac No errors Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> commit 6d9d66e32afaef73cbf2a33ce58d49f373e99dd8 Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Mon Jun 8 04:46:05 2015 +0200 Bug 14094: DDC - Add separators for repeated $a subfields (MARC21) Mulitple 082 fields are already separated by |, but multiple $a in one 082 field were only separated by space, making those not easy to read. Patch takes care that the | separator is used in all cases. To test: - Catalog a record with multiple 082 fields - Add one or multiple $a subfields to each - Verify every single classification is separated from the others with a | in staff and in OPAC detail pages Signed-off-by: Nick Clemens <nick at quecheelibrary.org> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> commit da8ec2d37a43c87ad5b087511dd8e4ce082f022f Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Mon Jun 8 05:29:16 2015 +0200 Bug 13874: 'Rotating collections' are a circulation tool Moves the entry for 'Rotating collections' from the Catalog column to the 'Patrons and circulation' column. To test: - Verify the entry has been moved on the tools home page NOTE: I agree that collections makes more sense under the new column. Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> commit 3ebc081962247ce0c598da810451c459909842bc Author: Mark Tompsett <mtompset at hotmail.com> Date: Wed Apr 15 12:33:29 2015 -0400 Bug 14001: Inventory has bad $_ references After receiving an error while attempt a simple inventory run, Two lines were changed from: ...$_->... to ...$item->... since the loop variable is $item. And $_ is not set to the expected hash reference, when there is a loop variable. This also helps explain the "Why are there blank dates on my last seen field?" problem that has been mentioned by users. TEST PLAN --------- 1) Apply this patch after a reset to master. 2) Log in to staff client 3) Add one item via z39.50, setting barcode to a known value (BARCODE1) 4) Wait for the reindex 5) Home -> Tools -> Inventory/Stocktaking 6) Browse for a file with the barcode in it 7) Set the library dropdown to the library branch of the added item. 8) Check 'Compare barcodes list to results:' 9) Click 'Submit' -- This should not die under plack. This should not generate blank last seen dates. The last seen dates should be as expected. 10) run koha qa test tools 11) Confirm the two change point correspond to the two change points in the patch which shall not be pushed to master. The test result comply with expected outcome outlined in test plan. Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> ----------------------------------------------------------------------- Summary of changes: C4/Languages.pm | 3 ++- catalogue/search.pl | 2 +- .../data/mysql/en/mandatory/sample_notices.sql | 11 +++++++-- .../prog/en/modules/admin/smart-rules.tt | 25 ++++++++++++++++++++ .../intranet-tmpl/prog/en/modules/circ/overdue.tt | 7 ++++-- .../prog/en/modules/tools/tools-home.tt | 9 ++++--- .../prog/en/xslt/MARC21slim2intranetDetail.xsl | 1 + .../bootstrap/en/xslt/MARC21slim2OPACDetail.xsl | 1 + opac/opac-search.pl | 2 +- tools/inventory.pl | 4 ++-- 10 files changed, 51 insertions(+), 14 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 22 22:05:47 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 22 Jun 2015 20:05:47 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-202-gb61782f Message-ID: <E1Z77yV-0003Ui-KN@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via b61782f1e78c771d66351b380755182e111eaf81 (commit) via e835e03ccf1c7f8cf9f2e9949d2d19889c3610a5 (commit) via cb28aa454a4c97d0dcf7772d13dfb14635596291 (commit) via b9ae37ae38886a1b37293f7238302a5300d86087 (commit) via 46a2585b01255b4257ccb6ca4617e341b0bbb301 (commit) via a18819f408b1d9051ae181b5f6098853ec41fa32 (commit) via a04b5f0849027f8f37e641c1ef738d8bb1cee3d4 (commit) via 78da33100def3b478d68cec25109449cc239597d (commit) from 1ea3465d30b1b0fcd12a5592ce5a4c34a9a58462 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b61782f1e78c771d66351b380755182e111eaf81 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Tue Jun 16 17:39:16 2015 +0200 Bug 14253: (follow-up) Same fix for the basket page Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit e835e03ccf1c7f8cf9f2e9949d2d19889c3610a5 Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Tue Jun 9 03:01:08 2015 +0200 Bug 14253: Acq - notify borrowers popup needs to allow scrolling The 'notify on receiving' patron search on the new order form in acquisitions didn't allow you to scroll, so there was no way to select users from the bottom of a longer result list. To test: - Create a new order in acquisitions - On the order form, use the 'Add user' button to open the popup - Perform a patron research with a lot of results - Verify that with the patch you can scroll, but that you couldn't without it Signed-off-by: Mirko Tietgen <mirko at abunchofthings.net> without patch: no scroll bar in Firefox 38 with patch: scrolling works fine Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit cb28aa454a4c97d0dcf7772d13dfb14635596291 Author: Mark Tompsett <mtompset at hotmail.com> Date: Tue Jun 16 04:39:31 2015 +0000 Bug 5025: discrepancy between opac doc-head-open.inc and staff doc-head-open.inc http://library.debiankoha.ca/cgi-bin/koha/errors/400.pl http://library.debiankoha.ca/cgi-bin/koha/errors/401.pl http://library.debiankoha.ca/cgi-bin/koha/errors/402.pl http://library.debiankoha.ca/cgi-bin/koha/errors/403.pl http://library.debiankoha.ca/cgi-bin/koha/errors/404.pl http://library.debiankoha.ca/cgi-bin/koha/errors/500.pl http://library.debiankoha.ca/cgi-bin/koha/ilsdi.pl Set OpacMaintenance to "Show" in the Staff client system preferences. http://library.debiankoha.ca/cgi-bin/koha/maintenance.pl Set OpacMaintenance to "Don't show" in the Staff client system preferences. http://library.debiankoha.ca/cgi-bin/koha/opac-ISBDdetail.pl?biblionumber=5390 http://library.debiankoha.ca/cgi-bin/koha/opac-MARCdetail.pl?biblionumber=5390 Log into OPAC Client http://library.debiankoha.ca/cgi-bin/koha/opac-account.pl http://library.debiankoha.ca/cgi-bin/koha/opac-search.pl -- This is actually the advanced search. FIXME: Don't know how to trigger opac-alert-subscribe.tt FIXME: Don't know how to trigger opac-auth-MARCdetail.tt FIXME: Don't know how to trigger opac-auth-detail.tt FIXME: Don't know how to trigger opac-auth.tt Click 'Authority search' in OPAC Click 'Submit' Search for something in the catalog Click 'Select all' Change 'With selected titles:' drop down to 'cart' View the cart. Click 'Send' Click 'Cancel' Click 'Download' Click 'Cancel' Close cart window Search for something in the catalog Select 'Select all' Change 'With selected titles:' drop down to '[ New List ]' Save the list Click 'Lists' Click the list you saved Click 'Download list' Click 'Cancel' Click 'Send list' Click 'Cancel' Copy the URL from download list and remove the '&context=modal' Click 'Cancel' http://library.debiankoha.ca/cgi-bin/koha/opac-blocked.pl http://library.debiankoha.ca/cgi-bin/koha/opac-browser.pl FIXME: Don't know how to trigger opac-course-details.tt http://library.debiankoha.ca/cgi-bin/koha/opac-course-reserves.pl http://library.debiankoha.ca/cgi-bin/koha/opac-detail.pl?biblionumber=5336 FIXME: Don't know how to trigger opac-full-serial-issues.tt http://library.debiankoha.ca/cgi-bin/koha/opac-imageviewer.pl http://library.debiankoha.ca/cgi-bin/koha/opac-main.pl Click on the user name in the top area. Click the 'your personal details' tab. Change the birth date. Click 'Submit' http://library.debiankoha.ca/cgi-bin/koha/opac-messaging.pl http://library.debiankoha.ca/cgi-bin/koha/opac-overdrive-search.pl Click on the user name in the top area. Click the 'change your password' tab. Set OPACPrivacy to "Allow" in the Staff client system preferences. Refresh OPAC page click on the user name in the top area. Click the 'your privacy' tab. Click the 'your reading history' tab. Change the PatronSelfRegistration to "Allow" in the Staff client system preferences. Change the PatronSelfRegistrationCategory to "PT" or some other valid patron category code. Change the PatronSelfRegistrationAdditionalInstructions to something. Refresh OPAC page Log out Click the 'Register Here' link. Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Tested most pages, inspected all of them. No errors Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit b9ae37ae38886a1b37293f7238302a5300d86087 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Thu Jun 18 18:14:36 2015 +0200 Bug 11804: Remove references to circ-menu.tt Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 46a2585b01255b4257ccb6ca4617e341b0bbb301 Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Sat Jun 6 13:03:43 2015 +0200 Bug 11804: Remove unused circ-menu.tt The formerly used circ-menu.tt is no longer referenced in the templates and can be removed. To test: - Verify all tabs in the patron account still work as they should. - git grep circ-menu.tt Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> No problems on patron pages, no more circ-menu.tt No errors Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit a18819f408b1d9051ae181b5f6098853ec41fa32 Author: Tomas Cohen Arazi <tomascohen at theke.io> Date: Mon Jun 22 16:40:57 2015 -0300 Bug 7793: DBRev 3.21.00.010 Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit a04b5f0849027f8f37e641c1ef738d8bb1cee3d4 Author: Kyle M Hall <kyle at bywatersolutions.com> Date: Fri Mar 20 08:15:41 2015 -0400 Bug 7793: Simplify db update Since message_id is not linked to anything else in the database, we can ensure the message_id's are unique by simply dropping the column and recreating it. Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> commit 78da33100def3b478d68cec25109449cc239597d Author: Olli-Antti Kivilahti <olli-antti.kivilahti at jns.fi> Date: Tue Feb 24 19:00:23 2015 +0200 Bug 7793: redefine the field message_id as PRIMARY KEY of message_queue Making message_queue work nicely with DBIx. DROP the existing KEY and replace with an PRIMARY KEY. If somebody has managed to get duplicate message_ids in his/her message_queue-table, this patch takes care of them as well, but givin all duplicate message_id's a new id. TEST INSTRUCTIONS: in the patch. Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Amended patch: Remove change to Koha/Schema/Result/MessageQueue.pm, will be done by the RM Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> ----------------------------------------------------------------------- Summary of changes: Koha.pm | 2 +- Koha/Schema/Result/MessageQueue.pm | 16 +++- installer/data/mysql/kohastructure.sql | 2 +- installer/data/mysql/updatedatabase.pl | 14 +++ .../intranet-tmpl/prog/en/includes/circ-menu.tt | 100 -------------------- .../intranet-tmpl/prog/en/modules/acqui/basket.tt | 2 +- .../prog/en/modules/acqui/neworderempty.tt | 2 +- .../bootstrap/en/includes/doc-head-close.inc | 1 - .../bootstrap/en/includes/doc-head-open.inc | 1 - .../opac-tmpl/bootstrap/en/modules/errors/400.tt | 3 +- .../opac-tmpl/bootstrap/en/modules/errors/401.tt | 3 +- .../opac-tmpl/bootstrap/en/modules/errors/402.tt | 3 +- .../opac-tmpl/bootstrap/en/modules/errors/403.tt | 5 +- .../opac-tmpl/bootstrap/en/modules/errors/404.tt | 3 +- .../opac-tmpl/bootstrap/en/modules/errors/500.tt | 3 +- koha-tmpl/opac-tmpl/bootstrap/en/modules/ilsdi.tt | 4 +- .../opac-tmpl/bootstrap/en/modules/maintenance.tt | 2 +- .../bootstrap/en/modules/opac-ISBDdetail.tt | 3 +- .../bootstrap/en/modules/opac-MARCdetail.tt | 3 +- .../opac-tmpl/bootstrap/en/modules/opac-account.tt | 3 +- .../bootstrap/en/modules/opac-addbybiblionumber.tt | 2 +- .../bootstrap/en/modules/opac-advsearch.tt | 3 +- .../bootstrap/en/modules/opac-alert-subscribe.tt | 3 +- .../bootstrap/en/modules/opac-auth-MARCdetail.tt | 3 +- .../bootstrap/en/modules/opac-auth-detail.tt | 3 +- .../opac-tmpl/bootstrap/en/modules/opac-auth.tt | 4 +- .../bootstrap/en/modules/opac-authorities-home.tt | 3 +- .../en/modules/opac-authoritiessearchresultlist.tt | 3 +- .../opac-tmpl/bootstrap/en/modules/opac-basket.tt | 2 +- .../opac-tmpl/bootstrap/en/modules/opac-blocked.tt | 2 +- .../opac-tmpl/bootstrap/en/modules/opac-browser.tt | 3 +- .../bootstrap/en/modules/opac-course-details.tt | 2 +- .../bootstrap/en/modules/opac-course-reserves.tt | 2 +- .../opac-tmpl/bootstrap/en/modules/opac-detail.tt | 3 +- .../bootstrap/en/modules/opac-downloadcart.tt | 3 +- .../bootstrap/en/modules/opac-downloadshelf.tt | 3 +- .../en/modules/opac-full-serial-issues.tt | 3 +- .../bootstrap/en/modules/opac-imageviewer.tt | 2 +- .../opac-tmpl/bootstrap/en/modules/opac-main.tt | 2 +- .../modules/opac-memberentry-update-submitted.tt | 2 +- .../bootstrap/en/modules/opac-memberentry.tt | 2 +- .../bootstrap/en/modules/opac-messaging.tt | 3 +- .../bootstrap/en/modules/opac-overdrive-search.tt | 2 +- .../opac-tmpl/bootstrap/en/modules/opac-passwd.tt | 3 +- .../opac-tmpl/bootstrap/en/modules/opac-privacy.tt | 3 +- .../bootstrap/en/modules/opac-readingrecord.tt | 2 +- .../en/modules/opac-registration-confirmation.tt | 2 +- .../en/modules/opac-registration-email-sent.tt | 2 +- .../en/modules/opac-registration-invalid.tt | 2 +- .../opac-tmpl/bootstrap/en/modules/opac-reserve.tt | 2 +- .../bootstrap/en/modules/opac-results-grouped.tt | 4 +- .../opac-tmpl/bootstrap/en/modules/opac-results.tt | 4 +- .../opac-tmpl/bootstrap/en/modules/opac-review.tt | 2 +- .../bootstrap/en/modules/opac-search-history.tt | 2 +- .../bootstrap/en/modules/opac-sendbasketform.tt | 3 +- .../bootstrap/en/modules/opac-sendshelfform.tt | 3 +- .../bootstrap/en/modules/opac-serial-issues.tt | 3 +- .../bootstrap/en/modules/opac-shareshelf.tt | 3 +- .../opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 3 +- .../bootstrap/en/modules/opac-showmarc.tt | 2 +- .../bootstrap/en/modules/opac-showreviews.tt | 3 +- .../bootstrap/en/modules/opac-suggestions.tt | 5 +- .../opac-tmpl/bootstrap/en/modules/opac-tags.tt | 3 +- .../bootstrap/en/modules/opac-tags_subject.tt | 2 +- .../bootstrap/en/modules/opac-topissues.tt | 3 +- .../opac-tmpl/bootstrap/en/modules/opac-user.tt | 2 +- .../opac-tmpl/bootstrap/en/modules/sco/help.tt | 3 +- .../bootstrap/en/modules/sco/printslip.tt | 2 +- .../opac-tmpl/bootstrap/en/modules/sco/sco-main.tt | 3 +- .../bootstrap/en/modules/svc/suggestion.tt | 3 +- members/boraccount.pl | 1 - members/pay.pl | 1 - members/paycollect.pl | 2 - 73 files changed, 133 insertions(+), 180 deletions(-) delete mode 100644 koha-tmpl/intranet-tmpl/prog/en/includes/circ-menu.tt hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 22 22:45:27 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 22 Jun 2015 20:45:27 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-216-g64e47c6 Message-ID: <E1Z78at-0003pm-2H@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 64e47c63dc59669c3c651b93630c470e06107fd6 (commit) via 5dd7c8f0d5fae67ea6177fdbac77a04f70661864 (commit) via 5a7f459290326e1cea8460bb0817492340dd4150 (commit) via f4a2471848703ca1896e0664cb9e3c59bf308101 (commit) via 40d7ab4895dabba28a19861af500f4f2c0180f98 (commit) via f6aec46dda4a0c833573030e7248e23592537b45 (commit) via 1a6a734de48db885dd9553c102521bf8227d56be (commit) via 3f3a29f796db72b73ba858c27bfb3ba7d973f348 (commit) via fc70c3a4bc9175c2f4f250aeb0bd40ae048df721 (commit) via 0cac7bc140a53773fd841472bbd306e65ae60a97 (commit) via 64925f7522a7f3d2d22e07df6bd9d7653cfc4a91 (commit) via 63c158968593de976afb0acf101f0f33dfc7597f (commit) via 15b3ba5a6360241c3082373cd7ea0af73d0babef (commit) via e5cea455d00c52b4a81e87b4dc77315c03ce8630 (commit) from b61782f1e78c771d66351b380755182e111eaf81 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 64e47c63dc59669c3c651b93630c470e06107fd6 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Mon Jun 22 10:24:51 2015 +0200 Bug 14408: Allow integers in template paths Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 5dd7c8f0d5fae67ea6177fdbac77a04f70661864 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 10:25:30 2015 +0200 Bug 14408: Add tests to get_template_and_user Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 5a7f459290326e1cea8460bb0817492340dd4150 Author: Chris <chris at bigballofwax.co.nz> Date: Mon Jun 22 05:23:52 2015 +0000 Bug 14408: Path Traversal error Counter counter patch Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt and not allowing ../etc Note the previous patch tries to protect against /etc/passwd but //etc/passwd is now vulnerable. I do think a whitelist is safer than trying to do a blacklist /cgi-bin/koha/svc/virtualshelves/search /cgi-bin/koha/svc/members/search Are vulnerable To test: 1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt Notice you get a valid JSON response 2/ Hit /search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd (You may have add more ..%2f or remove them to get the correct path) Notice you can see the contents of the /etc/passwd file 3/ Hit /cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4/ Apply patch 5/ Hit the first url again, notice it still works 6/ Hit the second url notice it now errors with a file not found 7/ Hit the third url notice it now errors with a file not found Repeat for the other script also Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit f4a2471848703ca1896e0664cb9e3c59bf308101 Author: Tomas Cohen Arazi <tomascohen at theke.io> Date: Mon Jun 22 17:43:21 2015 -0300 Bug 14383: (QA followup) missing POD fix in C4/Branch.pm Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 40d7ab4895dabba28a19861af500f4f2c0180f98 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Thu Jun 18 15:19:25 2015 +0200 Bug 14383: Fix POD error in C4/Ratings.pm perl -e "use Pod::Checker;podchecker('C4/Ratings.pm');" Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit f6aec46dda4a0c833573030e7248e23592537b45 Author: Stefan Weil <sw at weilnetz.de> Date: Mon Jun 15 21:57:13 2015 +0200 Bug 14383: etc/zebradb: Fix some typos in documentation and Bib-1 attribute set All of them were found and fixed using codespell. Signed-off-by: Stefan Weil <sw at weilnetz.de> Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 1a6a734de48db885dd9553c102521bf8227d56be Author: Stefan Weil <sw at weilnetz.de> Date: Mon Jun 15 21:55:50 2015 +0200 Bug 14383: docs: Fix some typos in documentation All of them were found and fixed using codespell. Signed-off-by: Stefan Weil <sw at weilnetz.de> Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 3f3a29f796db72b73ba858c27bfb3ba7d973f348 Author: Stefan Weil <sw at weilnetz.de> Date: Mon Jun 15 21:50:14 2015 +0200 Bug 14383: admin: Fix some typos in comments and documentation Most of them were found and fixed using codespell. Signed-off-by: Stefan Weil <sw at weilnetz.de> Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit fc70c3a4bc9175c2f4f250aeb0bd40ae048df721 Author: Stefan Weil <sw at weilnetz.de> Date: Mon Jun 15 16:51:51 2015 +0200 Bug 14383: acqui: Fix some typos in comments and documentation Most of them were found and fixed using codespell. Signed-off-by: Stefan Weil <sw at weilnetz.de> http://bugs.koha-community.org/show_bug.cgi?id=14383 Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 0cac7bc140a53773fd841472bbd306e65ae60a97 Author: Stefan Weil <sw at weilnetz.de> Date: Mon Jun 15 16:49:47 2015 +0200 Bug 14383: Fix some typos in comments and documentation Most of them were found and fixed using codespell. Signed-off-by: Stefan Weil <sw at weilnetz.de> http://bugs.koha-community.org/show_bug.cgi?id=14383 Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 64925f7522a7f3d2d22e07df6bd9d7653cfc4a91 Author: Stefan Weil <sw at weilnetz.de> Date: Mon Jun 15 07:47:18 2015 +0200 Bug 14383: C4: Fix some typos (mostly in comments and documentation) Most of them were found and fixed using codespell. Fix also some related grammar issues. In C4/Serials.pm a variable was renamed to make future codespelling checks easier. Signed-off-by: Stefan Weil <sw at weilnetz.de> http://bugs.koha-community.org/show_bug.cgi?id=14383 Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 63c158968593de976afb0acf101f0f33dfc7597f Author: Stefan Weil <sw at weilnetz.de> Date: Sun Jun 14 22:42:57 2015 +0200 Bug 14383: misc: Fix some typos in comments and documentation Most of them were found and fixed using codespell. Signed-off-by: Stefan Weil <sw at weilnetz.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 15b3ba5a6360241c3082373cd7ea0af73d0babef Author: Stefan Weil <sw at weilnetz.de> Date: Sun Jun 14 22:30:12 2015 +0200 Bug 14383: debian: Fix some trivial typos They were found and fixed using codespell. Signed-off-by: Stefan Weil <sw at weilnetz.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit e5cea455d00c52b4a81e87b4dc77315c03ce8630 Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Mon Jun 8 01:30:58 2015 +0200 Bug 14356: Improvements to the 'Transfers to receive' page Patch makes several small changes to the template for the 'Transfers to receive page' 1) Show the branch name instead of the branchcode in the table of incoming transfers. If there is a hold connected with the transfer: 2) Show the patron's name as 'surname, firstname' intead of 'surname firstname' 3) Restore broken feature: Show a mailto: link with a generated subject of 'Hold: <title>'. The mailto: feature actually existed in the templates, but was broken to a misnamed database column. I made some small changes to make the subject translatable (see bug 8330). To test: - Create a transfer by placing a hold with pickup at another library - Craete a transfer manually - Go to the circulation > transfers to receive - Check the changes explained above, compare before and after - Check the mailto: link works as expected Bonus: Check the Hold: bit in the subject is really translatable now. Signed-off-by: Nick Clemens <nick at quecheelibrary.org> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> ----------------------------------------------------------------------- Summary of changes: C4/Acquisition.pm | 8 ++--- C4/Auth.pm | 11 +++--- C4/AuthoritiesMarc.pm | 2 +- C4/Barcodes.pm | 2 +- C4/Barcodes/hbyymmincr.pm | 2 +- C4/Biblio.pm | 6 ++-- C4/Branch.pm | 6 ++-- C4/Calendar.pm | 2 +- C4/Circulation.pm | 10 +++--- C4/ClassSortRoutine.pm | 2 +- C4/Context.pm | 4 +-- C4/Creators/Batch.pm | 4 +-- C4/Creators/Layout.pm | 6 ++-- C4/Creators/PDF.pm | 2 +- C4/Creators/Profile.pm | 4 +-- C4/Creators/Template.pm | 6 ++-- C4/Dates.pm | 4 +-- C4/Installer.pm | 2 +- C4/Items.pm | 6 ++-- C4/Koha.pm | 4 +-- C4/Labels/Label.pm | 2 +- C4/Patroncards/Lib.pm | 4 +-- C4/Ratings.pm | 5 ++- C4/Reports/Guided.pm | 6 ++-- C4/Reserves.pm | 16 ++++----- C4/Ris.pm | 4 +-- C4/RotatingCollections.pm | 16 ++++----- C4/SIP/ILS/Patron.pod | 4 +-- C4/SIP/Sip.pm | 2 +- C4/SIP/Sip/MsgType.pm | 8 ++--- C4/Search.pm | 4 +-- C4/Serials.pm | 6 ++-- C4/Serials/Frequency.pm | 2 +- C4/Serials/Numberpattern.pm | 2 +- C4/ShelfBrowser.pm | 2 +- C4/TTParser.pm | 8 ++--- C4/Tags.pm | 4 +-- C4/UploadedFile.pm | 2 +- C4/Utils/DataTables/ColumnsSettings.pm | 2 +- C4/Utils/DataTables/Members.pm | 2 +- C4/XSLT.pm | 2 +- acqui/addorder.pl | 2 +- acqui/addorderiso2709.pl | 2 +- acqui/basketgroup.pl | 2 +- acqui/orderreceive.pl | 2 +- acqui/parcel.pl | 2 +- acqui/pdfformat/layout2pages.pm | 2 +- acqui/pdfformat/layout2pagesde.pm | 2 +- acqui/pdfformat/layout3pages.pm | 2 +- acqui/pdfformat/layout3pagesfr.pm | 2 +- admin/aqbudgets.pl | 6 ++-- admin/aqplan.pl | 2 +- admin/check_parent_total.pl | 2 +- admin/env_tz_test.pl | 2 +- circ/transferstoreceive.pl | 2 +- debian/control | 8 ++--- debian/control.in | 8 ++--- debian/templates/koha-sites.conf | 2 +- docs/CAS/CASProxy/examples/koha_webservice.pl | 2 +- docs/CAS/CASProxy/examples/proxy_cas.pl | 6 ++-- docs/CAS/CASProxy/examples/proxy_cas_callback.pl | 2 +- etc/zebradb/biblios/etc/bib1.att | 2 +- .../unimarc/biblios/biblio-koha-indexdefs.xml | 4 +-- etc/zebradb/marc_defs/unimarc/biblios/record.abs | 4 +-- .../prog/en/modules/circ/transferstoreceive.tt | 13 +++++--- misc/cronjobs/cloud-kw.pl | 10 +++--- misc/cronjobs/fines.pl | 2 +- misc/cronjobs/overdue_notices.pl | 6 ++-- misc/cronjobs/rss/README | 2 +- misc/cronjobs/staticfines.pl | 2 +- misc/devel/update_dbix_class_files.pl | 2 +- misc/load_testing/benchmark_circulation.pl | 2 +- misc/maintenance/MARC21_utf8_flag_fix.pl | 2 +- misc/migration_tools/bulkmarcimport.pl | 6 ++-- misc/migration_tools/koha-svc.pl | 2 +- misc/plack/koha.psgi | 2 +- t/db_dependent/Auth.t | 35 +++++++++++++++++++- t/db_dependent/VirtualShelves.t | 2 +- t/db_dependent/check_sysprefs.t | 2 +- tools/import_borrowers.pl | 2 +- tools/inventory.pl | 4 +-- tools/letter.pl | 2 +- virtualshelves/sendshelf.pl | 2 +- xt/author/valid-templates.t | 2 +- xt/permissions.t | 2 +- xt/tt_valid.t | 2 +- 86 files changed, 208 insertions(+), 164 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 00:29:12 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 22 Jun 2015 22:29:12 +0000 Subject: [koha-commits] main Koha release repository branch 3.18.x updated. v3.18.07-51-g4ff3b86 Message-ID: <E1Z7ADI-0004dG-4o@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.18.x has been updated via 4ff3b86e932e24a4d404f095578bc01f6afd9c6b (commit) via f462209e86e30e8ea23da67fb367c77c6d33be88 (commit) via 5b03b9716b762a1930aa5d298a163fef7fb76992 (commit) via 358e8e889d8a02d55210d353cd01bbf35d1ddc15 (commit) via 611df7517a2f1fa58c6780463ff56253d908a23d (commit) via 0cba81194f86b1b7fbea9d2ab48fe8c995a3c247 (commit) via a1e0768ceb728f0019086050837884d29e498dfe (commit) via 8ba165b069f9d921c103214b2803a6b9ff8b2f3b (commit) via 6c76df3ad5abf7679ec22d006133398b9816663a (commit) via 4bd9dbdb0cd32bb2f8892a5759d2f26923917665 (commit) via bd375631fcc0495661260df21bd32085a7bd387e (commit) via 503d90394ded34bab4671fa22e4c46291314ec84 (commit) via 971f6ccf917e57a9cb6de22d3d0092a017abef74 (commit) via 2a7b383c11398f9f49e0433222789a13aaa58ef0 (commit) via 20213b7d5c2d4a13e01c27969fc184e0c21ec3ae (commit) via 817e8f298f60279cc5c49fc0bc3bbea39f882dce (commit) via f62e95456b4e4177bcefe11312aea088a78efdab (commit) via c8a83c0804b36bf3e814b8483c013bc716d1d806 (commit) via dd6bb8fb380721323bc2f3b331430c7315f19b6d (commit) via 0c26902f230ea3638a29f653db5b84cdf3b81197 (commit) via 5d0e666e3655e739712b98f5073425b44ff761b2 (commit) via b2a8948b989ddbdb1a4f80122eee3d499abfa6ad (commit) via 6be5837e06bf8157b236e9bc48889bfd7ae90293 (commit) via 58313590f239062a1fe2d6a3778c298182c2fc32 (commit) via ef7de413c8571d8429994f7855550fedb97e39e2 (commit) via af127c124f1575a96cc3efca7eff0ef9135e88e6 (commit) via 433f4628b232058e90207b7b1c32c316b11450b1 (commit) via 7824fde152ca88c56af13564b065c06a3e2cb782 (commit) via 0e7d7284008c216b19a16bb39a8555636caad993 (commit) via bdd863335c4a698adbcbe44c9dcefb00658c04db (commit) via 55a57caf6c505550407bc076122932b7528279ed (commit) via 88332533798c924db5a3b1dcaf298bb1ef040569 (commit) via f703f2d3685666ae11890128d7bb80e186cb9384 (commit) via 6de54db7eefe7033b34e5d7e63473fef80e4f232 (commit) via 2c0237d3118fdd92a02dbc48a199758a3ac66b57 (commit) via 53318a5ea51fa24c062b82ba5caeb491dbb17e73 (commit) via 3dbf30c17de4f0c98f6d6e7b18c2d8c1ffed4269 (commit) via d023a70270574384b6178c18ac6344aeb9691d71 (commit) via 5b84b22cd82cc2022fbdfba442a9e0ffc3bdfc1f (commit) via f911c57996b7a53b48a2c45b20f0fde9ea050371 (commit) via 55afd5f0090ebb40f37316c71d30779de839b1a7 (commit) via c4932c301cc0b54b603746da57983ca94629af3c (commit) via c9a0fbe7c6f13ca17dbac3e96647195a17c7af6a (commit) via 6ce56d5589def9ae3613cf5b03db5c4b09296b05 (commit) via 9292bebbdd041788acdecda3cf3265169e8e231d (commit) via 5e48a461dbcd102ebc76c7552ed5b695861d97f7 (commit) via 2d2de7b2b3c69732617d1c8bc9f09d81ceedab13 (commit) via 1d9774a94d2682c3b6899e3a4c79a4f9d1afa1d1 (commit) via bb2eccde4dd3b8d9b9b9b72f6cc6651827f85561 (commit) via cedefdc86b7b1243d91d9059504a12f7aa0cec6f (commit) via 5bb8c8afd78dbf4e207607895ccc394c43e6821c (commit) from f89ec8c210e95ec1f02262e0ae025b230e06904f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4ff3b86e932e24a4d404f095578bc01f6afd9c6b Author: Chris <chris at bigballofwax.co.nz> Date: Mon Jun 22 05:23:52 2015 +0000 Bug 14408 Path Traversal error Counter counter patch Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt and not allowing ../etc Note the previous patch tries to protect against /etc/passwd but //etc/passwd is now vulnerable. I do think a whitelist is safer than trying to do a blacklist /cgi-bin/koha/svc/virtualshelves/search /cgi-bin/koha/svc/members/search Are vulnerable To test: 1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt Notice you get a valid JSON response 2/ Hit /search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd (You may have add more ..%2f or remove them to get the correct path) Notice you can see the contents of the /etc/passwd file 3/ Hit /cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4/ Apply patch 5/ Hit the first url again, notice it still works 6/ Hit the second url notice it now errors with a file not found 7/ Hit the third url notice it now errors with a file not found Repeat for the other script also Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> commit f462209e86e30e8ea23da67fb367c77c6d33be88 Author: Liz Rea <wizzyrea at gmail.com> Date: Tue Jun 23 09:57:18 2015 +1200 Revert "Bug 14408 Path traversal vulnerability" This reverts commit a1e0768ceb728f0019086050837884d29e498dfe. commit 5b03b9716b762a1930aa5d298a163fef7fb76992 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:41:45 2015 +1200 Bug 14418 : More XSS vulnerabilities in opac-shelves.pl To test: 1/ Hit a url like /cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh noes')</script> Where the id is a valid shelf id 2/ Notice the js is executed 3/ Apply patch 4/ Reload page 5/ Notice input is now escaped on display Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Tested in Debian, couldn't reproduce the alert in Iceweasel, but in Chromium. Patch fixes it. commit 358e8e889d8a02d55210d353cd01bbf35d1ddc15 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:30:22 2015 +1200 Bug 14418 : XSS flaw in opac-shelves.pl To test: 1/ Create a list and add at least one item to it 2/ Hit a url like http://192.168.2.18/cgi-bin/koha/opac-shelves.pl?viewshelf=7&sort=author&direction=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E Where the shelf id is the number of the list you created, notice the js is executed 3/ Apply the patch 4/ Reload the page notice the js is now escaped Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> commit 611df7517a2f1fa58c6780463ff56253d908a23d Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 09:25:22 2015 +1200 Bug 14418 XSS Vulnerabilities Fix for /cgi-bin/koha/opac-search.pl To test 1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script src='http://cst.sba-research.org/x.js'/>&q=a 2/ Notice the js is executed 3/ Apply patch 4/ Reload page, notice it is no longer executed 5/ Test the rss links work still Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Confirmed bug and that the patch fixes it. commit 0cba81194f86b1b7fbea9d2ab48fe8c995a3c247 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 08:35:07 2015 +1200 Bug 14412 : SQL injection possible There is a SQL Injection vulnerability in the /cgi-bin/koha/opac-tags_subject.pl script. By manipulating the variable 'number', the database can be accessed via time-based blind injections. The following string serves as an example: /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) To exploit the vulnerability, no authentication is needed To test 1/ Turn on mysql query logging 2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 3/ Check the logs notice something like SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 PROCEDURE ANALYSE (EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 4/ Apply patch 5/ Hit the url again 6/ Notice the log now only has SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Confirmed the problem and the fix for it. Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit a1e0768ceb728f0019086050837884d29e498dfe Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 10:12:45 2015 +0200 Bug 14408 Path traversal vulnerability /cgi-bin/koha/svc/virtualshelves/search /cgi-bin/koha/svc/members/search Are vulnerable To test: 1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt Notice you get a valid JSON response 2/ Hit /search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd (You may have add more ..%2f or remove them to get the correct path) Notice you can see the contents of the /etc/passwd file 3/ Hit /cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4/ Apply patch 5/ Hit the first url again, notice it still works 6/ Hit the second url notice it now errors with a file not found 7/ Hit the third url notice it now errors with a file not found Repeat for the other script also Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> commit 8ba165b069f9d921c103214b2803a6b9ff8b2f3b Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Sat Jun 6 14:34:57 2015 +0200 Bug 14350: Missing statement in kohastructure.sql - DROP TABLE IF EXISTS borrower_sync Reported by Jonathan on bug 11401: DROP TABLE IF EXISTS borrower_sync; is missing in installer/data/mysql/kohastructure.sql To test: - Run the web installer and confirm all tables are created correctly Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> (cherry picked from commit 2fe241cc0f774799b8dca329d41d03f2217ffcaa) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 6c76df3ad5abf7679ec22d006133398b9816663a Author: Jonathan Druart <jonathan.druart at biblibre.com> Date: Tue Apr 28 11:26:44 2015 +0200 Bug 11941: Add link to patron lists from the patron home page The patron lists are only accessible from the tools module, which is not easily accessible when you are in the patron module. Test plan: Go on the patron home page. In the toolbar, you should see a link to the patron lists. NOTE: Tweaked button to a to get the click to work. Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Liz Rea <liz at catalyst.net.nz> Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 27ef1410a7784577149bed6a466937c7ded6ba70) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 4bd9dbdb0cd32bb2f8892a5759d2f26923917665 Author: Indranil Das Gupta <indradg at gmail.com> Date: Mon May 25 05:25:04 2015 +0530 Bug 14206: Adds test for getletter() call from overdue_notices.pl Adds missing test for getletter() when called from overdue_notices.pl Test plan ========= 1/ apply this patch 2/ run prove -v t/db_dependent/Letters.t all tests should pass, especially test #40 which tests call from overdue_notices.pl Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit c07f83f643e6b8820d90487a23e91e9b062a5cd6) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit bd375631fcc0495661260df21bd32085a7bd387e Author: Indranil Das Gupta <indradg at gmail.com> Date: Fri May 22 03:49:10 2015 +0530 Bug 14206: Adds delete function for non email templates C4::Letters::getletter() is called in tools/letter.pl by the function delete_confirm() to display the selected notice for deletion. Due to current implementation of getletter(), a notice that does not use the 'email' template (but uses any/all of the other templates - sms, print or phone) can't be deleted from the staff client. This patch adds deletion capability for notices that do not use email template, but uses any/all of the other templates i.e. sms, print or phone. This also adds 2 tests to t/db_dependent/Letters.t for testing both conditions - a) when message_transport_type is specified b) when it is not. Test plan ========= 1/ Go to Tools -> Notices & Slips. Add a new notice only for print, leave 'Library' and 'Koha module' options as default selections. Enter 'KOHA_14206' and 'Koha Test 14206' against Code and Name respectively, and 'Test' and 'Test Message' for subject and body. Leave the Email, Phone and SMS tabs blank. Save the notice. 2/ On the notices listing page the new notice will be listed. Try to delete it. It will load the 'Delete notice' dialog form, but the table will not show any data under <th>s - 'Library', 'Module', 'Code' or 'Name'. 3/ Click the "Yes, delete" button. The page will be submitted and the Notices listing reloaded. The print-only KOHA_14206 notice should continue to exist. This is *wrong*. 4/ Apply this patch 5/ Reload the listings page and click on the 'Delete' link for Notice KOHA_14206. This time, it should show the data under 'Module', 'Code' or 'Name' at least. 6/ Click on 'Yes, delete'. The page should submit and the listing page reload. This time KOHA_14206 will be gone. 7/ Run prove -v t/db_dependent/Letters.t All tests should PASS without any error. Followed test plan. Works as expected. Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 8895caa33985bbb0cad9b011c4706d4591d2869b) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 503d90394ded34bab4671fa22e4c46291314ec84 Author: Kyle M Hall <kyle at bywatersolutions.com> Date: Fri Jun 5 08:06:29 2015 -0400 Bug 14338: Unable to delete patron images The call to RmPatronImage is still passing cardnumber as its parameter instead of borrowernumber. Test Plan: 1) Upload a patron image 2) Ensure the card number is not the same as the borrower number 3) Attempt to delete patron image -- Image will remain 4) Apply this patch 5) Attempt to delete patron image -- Image will be removed 6) run koha qa test tools Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 721a77e6696c26efedd1955569a00e1dff2aa6b8) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 971f6ccf917e57a9cb6de22d3d0092a017abef74 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri May 22 13:11:19 2015 +0200 Bug 13265: Use sessionStorage to store searches instead of cookies This is a counter patch. The idea is to provide a permanent solution for the cookie length issue we occurred on storing the searches (intranet side). Test plan: Launch as many searches as you can (don't forget to sleep). You should not get any error. Confirm there is no regression using the results browser. Tested with 6 parralel searches in different tabs (with alternatively browising up and down). No problems found. Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 41b9687d975a3c2a54cc28229d4ba76edf175de9) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 2a7b383c11398f9f49e0433222789a13aaa58ef0 Author: Aleisha <aleishaamohia at hotmail.com> Date: Tue Jun 9 02:02:55 2015 +0000 Bug 14360: Unescaped variable causes alert pop-up To test: 1) Create a list in the OPAC, name it: <script>alert('Hello');</script> 2) Delete the list 3) Confirm deletion 4) See the alert say 'Hello' 5) Apply patch 6) Recreate list with same name 7) Delete list 8) Confirm deletion and alert no longer pops up Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 9bef8f8738492564af7da78cba841366c70ada3c) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 20213b7d5c2d4a13e01c27969fc184e0c21ec3ae Author: Aleisha <aleishaamohia at hotmail.com> Date: Mon Jun 8 02:30:23 2015 +0000 Bug 14360: Unescaped variable causes alert Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert. To test: 1) Go to URL such as ... /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 2) Notice pop-up box with alert 3) Apply patch, refresh page 4) Notice alert is gone Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 9e920f7479df6d36db3e3450d6e6c2524fa9fe56) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 817e8f298f60279cc5c49fc0bc3bbea39f882dce Author: Mark Tompsett <mtompset at hotmail.com> Date: Wed Apr 15 01:02:08 2015 -0400 Bug 10625: Inventory/Stocktaking tool cannot handle windows file uploads The current code uses $barcode = <fh>; logic. This reads until \n, as far as I can tell. EOL is indicated by \n, \r, and \r\n depending on OS and software. So, to this end, rather than File::Slurp (which is a potential memory hog, which is already an issue with no filters), a loop to pre-read the barcodes was written. This loop includes: $barcode =~ s/\r/\n/g; $barcode =~ s/\n\n/\n/g; my @data = split(/\n/, $barcode); push @uploadedbarcodes, at data; So, that means that lines ending in \n would have it stripped and pushed into the uploaded barcodes array. Lines ending in \r would likely be read as one giant block, have everything converted to single \n's and then using a split, the set of barcodes are pushed into the uploaded barcodes array. Lines ending in \r\n would get that stripped and pushed into the uploaded barcodes array. It is then the uploaded barcodes array that is looped over for validating the barcodes. TEST PLAN --------- 1) Back up your database 2) Download the three sample files (or create your own) 3) Log in to staff client 4) Create a branch with no inventory. 5) Home -> Tools -> Inventory/Stocktaking 6) Browse for your '\r' test file. 7) Limit to just that branch 8) Click 'Submit' -- Confirm expected errors 9) Repeat steps 5-8 with the '\n' test file. 10) Repeat steps 5-8 with the '\r\n' test file. -- one of these repetitions should have problems. 11) Apply patch 12) Repeat steps 5-8 for each of the 3 test files. -- there should be no issues. 13) run koha qa test tools. Note: This is a tweak based on Jonathan Druart's comment #16 I have reset it to needs sign off again. Followed test plan. Works as expected. qa OK. Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit d75a751d49ad65b007572e02320735d2b02c9e1f) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit f62e95456b4e4177bcefe11312aea088a78efdab Author: Jonathan Druart <jonathan.druart at biblibre.com> Date: Thu Apr 16 16:39:09 2015 +0200 Bug 10355: paramater 'object' lost on the road Test plan: 1) Go to any detail page in staff 2) Click on the modification log tab 3) Verify, that the object is prefilled with the records biblionumber and you can also see it as parameter in the url 4) Click a second time on modification log to reset your search Before this patch, the object parameter was empty. It now contains the value of the biblionumber. Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Work as described, no koha-qa errors http://bugs.koha-community.org/show_bug.cgi?id=10335 Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 0002126a2ab0ac38a8d3f144f446dc3ba69dab59) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> Conflicts: tools/viewlog.pl commit c8a83c0804b36bf3e814b8483c013bc716d1d806 Author: Tomas Cohen Arazi <tomascohen at gmail.com> Date: Fri Jun 5 12:01:28 2015 -0300 Bug 14344: uninitialized value warning C4/Utils/DataTables/Members.pm The condition for the assignment depends on $searchtype to be defined and equal to 'contains'. So this change doesn't change the semantics. - if $term !~ /^%/ - and $searchtype eq "contain"; + if (defined $searchtype) && $searchtype eq "contain" + && $term !~ /^%/; To test: - Home -> Circulation -> Checkout - Search for a user that does not exist (I searched 'whywouldthisexist') on the intranet interface. - Look at the intranet logs => FAIL: you get "Use of uninitialized value $searchtype in string eq at.,," - Apply the patch - Repeat the search => SUCCESS: No warning - Sign off :-D NOTE: Other pages are more forgiving. Tweaked test plan. Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit d82aeb352f35ec37fdd62fed7e9a713168a21c28) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit dd6bb8fb380721323bc2f3b331430c7315f19b6d Author: Marc V?ron <veron at veron.ch> Date: Tue Jun 2 11:39:17 2015 +0200 Bug 14314: System Preferences: Better explanation for syspref 'ShowReviewerPhoto' [PASSED QA] If syspref ShowReviewerPhoto is enabled, the reviewer's avatar is displayed beside comments in OPAC. The avatar will be searched on www.libravatar.org using the patron's email address. This patch changes the text for 'ShowReviewerPhoto'. To test: Apply patch Go to Home > Administration > System preferences Search for ShowReviewerPhoto Verify that the new explanation makes sense. Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Better explanation, no errors. Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de> Changed mail to e-mail. Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit d763d7cf3c28149b5d7f82de8a98789ee97814d6) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 0c26902f230ea3638a29f653db5b84cdf3b81197 Author: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Date: Thu Jun 4 12:47:13 2015 +0200 Bug 14330: Remove unused email_sender from sendbasket/sendshelf The sendbasket/sendshelf scripts and templates do not use email_sender as a cgi parameter or as a template var. Probably a leftover from previous changes. Let's make Koha cleaner :) Test plan: [1] Send your cart from opac or staff. [2] Send a shelf from opac or staff. [3] Git grep email_sender. No results. Followed test plan. Works as expected. Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 0114465ced0d87aed51e8632e0ec1c005ae4fce3) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 5d0e666e3655e739712b98f5073425b44ff761b2 Author: Jonathan Druart <jonathan.druart at biblibre.com> Date: Fri Apr 24 17:03:09 2015 +0200 Bug 11790: Remove dependency C4::Context from C4::Charset C4::Context is only used to retrieve a syspref value. This patch moves the use of C4::Context to a require. Test plan: Try to reach the SetMarcUnicodeFlag subroutine (batchmod, add/update a biblio, etc.) Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Tested on French UNIMARC install No errors adding/editing biblios No koha-qa errors Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 34fe5c24167f6bc27cff519d4a26c347d06341b3) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit b2a8948b989ddbdb1a4f80122eee3d499abfa6ad Author: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Date: Thu Jun 4 12:03:42 2015 +0200 Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText The synopsis of this TT plugin contains two example lines: [% myhtml FILTER html2text(leftmargin => 0, rightmargin => 0) %] [% myhtmltext | html2text %] These lines have been copied (without too much thought :) to a few templates. Since we do no use the variables myhtml or myhtmltext in these templates, these lines are useless. Test plan: [1] Put some items in your cart. And send it. [2] Send a shelf. [3] Git grep on myhtml. Should not have results. NOTE: Sent carts and lists in Intranet and OPAC successfully. Though, this does bring into question why the letters have HTML formatting if it is getting removed. That, however, is beyond the scope of this bug. Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 4fd923e12eea70b7e871f0068471ff5ef91dda01) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 6be5837e06bf8157b236e9bc48889bfd7ae90293 Author: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Date: Thu Jun 4 09:15:24 2015 +0200 Bug 14327: Fix js error "TypeError: events is null" in additem.js If you have no item plugins, the events variable in BindPluginEvents of additem.js will be null. So testing events.length will generate the described error. This patch adds a check to prevent that from happening again. Test plan: [1] Do not yet apply this patch ! [2] Temporarily remove framework plugins from your items (in ACQ or default framework). Probably you have to clear dateaccessioned.pl and barcode.pl. [3] Open js console in your browser. [4] Go to Acquisition. Open a basket and add an order from a new empty record. [5] You should see js error: "TypeError: events is null" (additem.js:176) [6] Apply this patch and reload the page (make sure that you refresh so that the new javascript code is read). [7] The TypeError should be gone. [8] Restore the framework plugins from step 2. Refresh the page again and verify that they still work as expected. Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> (cherry picked from commit 5132d5f991515b86a9282b214a9418b65b4c0881) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> Conflicts: koha-tmpl/intranet-tmpl/prog/en/js/additem.js commit 58313590f239062a1fe2d6a3778c298182c2fc32 Author: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Date: Tue May 26 14:52:07 2015 +0200 Bug 14276: Keep highlight on the active item in item editor The highlight only works on even items. This patch should resolve it. Test plan: Edit biblio with multiple items. Verify that the highlight is visible on the selected item you edit. And that there is no highlight for a new item. Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 83c6817a86de68fb08cb73aef3b8b46d12587116) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit ef7de413c8571d8429994f7855550fedb97e39e2 Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Date: Mon Jun 1 15:34:00 2015 -0300 Bug 14173: Paging on 'recent comments' page in OPAC is not displaying correctly This patch corrects the display of current page on a multipage recent comments. To test: 1) Enable OpacShowRecentComments 2) Add multiple comments to multiple records I used a script to add multiple lines like "insert into reviews values ($i, 51, $i, 'Comment $i', 1, '2015-06-01 00:00:00')" to table reviews 3) On OPAC, go to 'Recent comments', verify the bug 4) Apply the patch 5) Reload and check correct display Can't found missing space near 'by' from description. Display is correct for me. Followed test plan, displays as expected. Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 7928cdfbd405de9d4a8fffc535d3dcbd9a95226c) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit af127c124f1575a96cc3efca7eff0ef9135e88e6 Author: Dobrica Pavlinusic <dpavlin at rot13.org> Date: Tue Mar 10 13:35:03 2015 +0100 Bug 13815 - plack loose CGI qw(-utf8) flag creating incorrect utf-8 encoding everywhere This is major problem for plack installations with utf-8 encoding. In this case, we are overriding CGI->new to setup utf-8 flag and get correctly decoded $cgi->params, and reset syspref cache using C4::Context->clear_syspref_cache Test scenario: 1. under plack try to search with utf-8 charactes 2. try to find patron with utf-8 characters Signed-off-by: Gaetan Boisson <gaetan.boisson at biblibre.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 3cd086b6b6be08d902a479f302ccf18e55de911b) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> commit 433f4628b232058e90207b7b1c32c316b11450b1 Author: Kyle M Hall <kyle at bywatersolutions.com> Date: Fri May 29 09:36:34 2015 -0400 Bug 14299: Today's checkouts not always sorting correctly Sometimes the today's checkouts do not sort correctly. This is due to a simple typo in the comparison line where the bad key 'timstamp' is compared against the correct key 'timestamp'. Test Plan: 1) Check out a decent number of items in a row ( 5+ ) 2) Hopefully you will see they are sorted incorrectly 3) Apply this patch 4) Reload the page 5) Note they are now sorted correctly Followed test plan. Works as expected. Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 8e9f89e92b48f1aac786e9b5608338a14603f52f) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 7824fde152ca88c56af13564b065c06a3e2cb782 Author: Liz Rea <wizzyrea at gmail.com> Date: Mon Jun 8 16:19:07 2015 +1200 Updating database to version 3.18.07.001 commit 0e7d7284008c216b19a16bb39a8555636caad993 Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Date: Thu May 28 12:18:38 2015 -0300 Bug 14285: Bengali locale needs to be re-defined This patch renames translation files for Bengali language, from ben-* to bn-IN-*. Also adds India as region To test: 1) Apply the patch 2) Run updatedatabase 3) Install Bengali language cd misc/translator perl translate install bn-IN enable Check correct description 4) Create and install a fake Bengali variant cd misc/translator perl translate create bn-XX perl translate install bn-XX enable both variants Check correct rendering of region Results comply with expected test plan outcome. Signed off for bn-IN Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit e365e6e53592a4639f18173def7e74e0ad24419c) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> Conflicts: misc/translator/po/bn-IN-marc-MARC21.po misc/translator/po/bn-IN-marc-NORMARC.po misc/translator/po/bn-IN-marc-UNIMARC.po misc/translator/po/bn-IN-staff-prog.po commit bdd863335c4a698adbcbe44c9dcefb00658c04db Author: Zeno Tajoli <z.tajoli at cineca.it> Date: Wed Apr 22 17:03:38 2015 +0200 Bug 14047: Order z39.50 biblioservers in cataloguing Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Bug 14047: Sort z39.50 servers in Acquisition Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Bug 14047: [QA Follow-up] Move result_class back into attributes No need to put this into a separate call. Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Note that we strictly speaking do not need the hashref inflator here, because TT understands hash.column as well as object.property. Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit c7a67ea4f33402a1f3165864952d6a692f898953) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 55a57caf6c505550407bc076122932b7528279ed Author: Marc V?ron <veron at veron.ch> Date: Sun Apr 26 21:36:25 2015 +0200 Bug 11929: patron modification error shows borrowernumber If an error occurs in patron batch modification, a message similar to the following is displayed: Can not update patron with borrowernumber 7055 It would be useful to have the cardnumber as well. This patch adds the card number to the lists of errors. It is not easy to trigger an error (see comments). For testing, I tweaked the sub ModMember in C4/Members.pm to always return false. TEST PLAN --------- 1) Log in as a superlibrarian and create a test user 2) Change the cardnumber to a number differing from the borrower number. 3) Home -> Tools -> Batch patron modification 4) Type in the cardnumber of that test user 5) Check the Library checkbox. 6) Click Save -- nice error, but it is borrower number instead of the card number which was entered. 7) Apply the patch 8) Repeat steps 3-6 -- nice error, but it is now more informative. 9) run koha qa test tools. Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 3b3f82de377c87f9108bf07dd0d293182e5b9bdc) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 88332533798c924db5a3b1dcaf298bb1ef040569 Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Date: Tue May 26 14:45:22 2015 -0300 Bug 14279: Remove CGI::scrolling_list from issues_avg_stats.pl This patch removes scrolling_lists from this file To test 1) Go to Reports > Average loan time 2) Check dropdowns Patron category, Item type, Sort1/2 and Into application will be changed 3) Apply the patch 4) Reload and check for regression Followed test plan. Works as expected. Signed-off-by: Marc Veron <veron at veron.ch> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 154eb5f6f55c60632811bcae240cc8254fab7efb) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit f703f2d3685666ae11890128d7bb80e186cb9384 Author: Mark Tompsett <mtompset at hotmail.com> Date: Fri May 22 09:02:23 2015 -0400 Bug 14112: Silence warnings in t/Charset.t After Jonathan said this was the wrong way to correct the issue, www.utf8-chartable.de made it clear to me that the \c3\a9 were missing x's. TEST PLAN --------- 1) prove t/Charset.t -- noise 2) apply patch 3) prove t/Charset.t -- no noise 4) koha qa test tools Signed-off-by: Aleisha <aleishaamohia at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 4d4582566ee7d2014f30f15db4889d4cad956316) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> Conflicts: t/Charset.t commit 6de54db7eefe7033b34e5d7e63473fef80e4f232 Author: Liz Rea <wizzyrea at gmail.com> Date: Mon Jun 8 12:27:28 2015 +1200 Revert "Bug 14112: Silence warnings in t/Charset.t" This reverts commit 55afd5f0090ebb40f37316c71d30779de839b1a7. commit 2c0237d3118fdd92a02dbc48a199758a3ac66b57 Author: David Cook <dcook at prosentient.com.au> Date: Mon May 25 14:01:09 2015 +1000 Bug 14265 - Use $.trim instead of trim() in admin/categorie.tt This patch replaces trim() with $.trim() in admin/categorie.tt, as $.trim() is more cross-platform (ie it is supported in "< IE9"). _TEST PLAN_ Before applying patch: 0) Use IE 8 or use Document Mode 8 in a newer IE using F12 Developer Tools 1) Go to Administration > Patron categories 2) Click "Edit" next to a category 3) Click "Save" at the bottom 4) Note the form doesn't submit (you can also notice the error in the console log) Apply the patch: 5) Hold down shift + refresh the page 6) Click "Save" at the bottom" 7) Note that the form does submit and there are no errors reported Signed-off-by: Indranil Das Gupta <indradg at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> No regression found using iceweasel. I did not know the staff interface was IE compatible. Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 06ef68046e52a56f690e656f30592ff46b21a383) Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 53318a5ea51fa24c062b82ba5caeb491dbb17e73 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Tue May 26 13:05:51 2015 +0200 Bug 14266: Trim the email address in the pl script The original concern of bug 14266 was to provide a compatibility for <IE9. But actually we don't need to trim the email address template side. It will even better to trim it in the perl script, so that the email will be trimed even if JS is disabled. Test plan: 1/ Share a list and does not provide any email address 2/ Submit => The form is not submited, no alert/message is displayed (same as before this patch). 3/ Share a list and provide an email address with spaces before and after 4/ Submit => You should receive the email Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Test output compliant with expected test plan outcome. Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit c7a8e4dd25768870de74a5a96c63a92ff1c7fcc8) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 3dbf30c17de4f0c98f6d6e7b18c2d8c1ffed4269 Author: David Cook <dcook at prosentient.com.au> Date: Mon May 25 14:07:27 2015 +1000 Bug 14266: Replace trim() with $.trim() in opac-shareshelf.tt This patch replaces trim() with $.trim() which is supported in versions of IE older than IE9. Revised test plan ================= Before applying patch: 0) Use IE 8 or Document Mode 8 in a newer IE using F12 Developer Tools 1) Set OpacAllowSharingPrivateLists to "Allow" in Global System Preferences 2) Create a private list in the OPAC 3) Add a record to the private list 4) Click "Share" or "Share list" on one of the list screens 5) Type in an email address and click "Send" 6) Note the error in the console log 7) The page should submit Apply the patch: 7) Hold shift + refresh the browser to update any Javascript cache 8) Try to "Share" the list again 9) Note that the form submit after clicking "Send" and that there are no errors in the console log http://bugs.koha-community.org/show_bug.cgi?id=14266 Signed-off-by: Indranil Das Gupta <indradg at gmail.com> Remarks: Works as per revised test plan Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit e1ac8b431002ad15ba8bc19a61f2daf0424552e2) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit d023a70270574384b6178c18ac6344aeb9691d71 Author: Kyle M Hall <kyle at bywatersolutions.com> Date: Wed May 20 11:31:18 2015 -0400 Bug 12066: New renew page in staff client doesn't record branch in statistics Test Plan: 1) Apply this patch 2) Renew an item via circ/renew.pl 3) Note the branch code of your logged in library is set as the branch in the generated statistic line Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Tested pre and post patch, now branch is saved No errors Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit d78f832cb026ace04ff3e6d2c3765b39656e0e11) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 5b84b22cd82cc2022fbdfba442a9e0ffc3bdfc1f Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Mon May 25 11:22:07 2015 +0200 Bug 13946: Change order status 'Pending' to 'Ordered' The order status after closing the basket is 'ordered' in the database, but displays as 'pending' in the staff interface. As we use 'pending' when you have to review a suggestion, this clashes in translations and the meaning is different. The patch renames 'pending' for the order status to 'Ordered' to be more clear. To test: - Verfiy 'Ordered' shows in the pull down on the acq advanced search and search still works correctly - Verify the results table also display 'Ordered' as the status Signed-off-by: C?dric Vita <cedric.vita at dracenie.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 480ac8667971a638b4b27d0dc8e5bb29f9f2a372) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit f911c57996b7a53b48a2c45b20f0fde9ea050371 Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Date: Tue May 26 11:00:02 2015 -0300 Bug 14275: Remove CGI::scrolling_list from guided_reports.pl Remove an instance of CGI::scrolling_list from this file To test: 1) Go to Reports, Guided report wizard, New SQL report 2) Create a report with some auth value list, e.g. SELECT surname,firstname FROM borrowers WHERE branchcode=<<Enter patrons library|branches>> Save 3) Clic on 'Run this report", look at the dropdown, that will be changed 4) Apply the patch 5) Reload, check dropdown and any regression Followed test plan, works as expected. Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 764b425c1ce0573f9b02bfa3b9b2425137630f0c) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 55afd5f0090ebb40f37316c71d30779de839b1a7 Author: Mark Tompsett <mtompset at hotmail.com> Date: Fri May 22 09:02:23 2015 -0400 Bug 14112: Silence warnings in t/Charset.t After Jonathan said this was the wrong way to correct the issue, www.utf8-chartable.de made it clear to me that the \c3\a9 were missing x's. TEST PLAN --------- 1) prove t/Charset.t -- noise 2) apply patch 3) prove t/Charset.t -- no noise 4) koha qa test tools Signed-off-by: Aleisha <aleishaamohia at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 4d4582566ee7d2014f30f15db4889d4cad956316) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> Conflicts: t/Charset.t commit c4932c301cc0b54b603746da57983ca94629af3c Author: Magnus Enger <magnus at enger.priv.no> Date: Wed Apr 29 21:28:50 2015 +0200 Bug 14025: Fix 865u-links in the OPAC for NORMARC The display of links found in 856$u for NORMARC has not been keeping up with the one for MARC21, and several sysprefs have not been implemented. This patch tries to fix that. Affected sysprefs: - OPACURLOpenInNewWindow - URLLinkText - OPACDisplay856uAsImage - OPACTrackClicks To test: - Make sure you have a record with a URL in 856$u and marcflavor = NORMARC. (It does not have to be a full NORMARC setup or a NORMARC record, just make sure you are viewing the record through the NORMARC XSLT files.) - View the record both in a result list and in detail view - Check that the 4 involved sysprefs affect the display in the expected ways Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Tested on NORMARC setup and XSLTs Works as described, each syspref works No koha-qa errors Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Since it only affects NORMAC, I trust in Magnus :) Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 9b1241ecfca68c104d9adbb5d05a7547b5761e17) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit c9a0fbe7c6f13ca17dbac3e96647195a17c7af6a Author: Indranil Das Gupta <indradg at gmail.com> Date: Fri May 15 01:12:11 2015 +0530 Bug 14203: Message for non-existent lang removal A trivial string patch to update the error message displayed to user if koha-translate is used to attempt removal of a language that is not installed. Test plan ========= 1/ attempt to remove a non-existent language by <installdir>/debian/scripts/koha-translate --remove <langcode> 2/ it should show "Error: the selected language is not already installed." 3/ apply patch 4/ repeat step 1; it should show "Error: the selected language is not installed." Signed-off-by: Nick Clemens <nick at quecheelibrary.org> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit d7dc11e61fea5dcc3f0087e46b6eee8d74c21c63) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 6ce56d5589def9ae3613cf5b03db5c4b09296b05 Author: Aleisha <aleishaamohia at hotmail.com> Date: Tue May 12 02:08:17 2015 +0000 Bug 14184: Undefined $term causes noisy warns in C4/CourseReserves.pm This patch sets $term to be an empty string. Test plan ========= 1/ enable 'UseCourseReserves' syspref in Circulation preferences 2/ in a terminal, run a `tail -f ` on your instance's opac-error.log 3/ go to the opac, click on 'Course reserve' tab to go to opac-course-reserves.pl 4/ notice the warning - "opac-course-reserves.pl: Use of uninitialized value $term" appear in the `tail`ed opac-error.log 5/ apply the patch 6/ reload the page (opac-course-reserves.pl) 7/ page works but the warning in step #4 is no longer logged 8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error Remarks: Testing result match expected test plan output. The QA tests pass with "OK" for the commit. Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 4f994e8baf3ffd209f6a0a85993039f753ec6e32) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 9292bebbdd041788acdecda3cf3265169e8e231d Author: Aleisha <aleishaamohia at hotmail.com> Date: Tue May 12 03:01:35 2015 +0000 Bug 14185: Undefined $limit causes warn in opac/opac-readingrecord.pl This patch sets $limit to be an empty string. Test plan ========= 1/ login into the opac using your user account credentials 2/ in a terminal, run a `tail -f ` on your instance's opac-error.log 3/ go back to the opac, click on 'your reading history' tab to go to opac-readingrecord.pl 4/ notice the warning - "opac-readingrecord.pl: Use of uninitialized value $limit" appear in the `tail`ed opac-error.log 5/ apply the patch 6/ reload the page (opac-readingrecord.pl) 7/ page works but the warning in step #4 is no longer logged 8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error Remarks: Testing result match expected test plan output. The QA tests pass with "OK" for the commit. Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit fd14184873e707236150e368f39b19a6992760b8) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 5e48a461dbcd102ebc76c7552ed5b695861d97f7 Author: Indranil Das Gupta <indradg at gmail.com> Date: Thu May 14 07:23:16 2015 +0530 Bug 14186 [QA Followup]: Undefined $reservedfor causes warn in opac-reserve.pl This is a followup for Bug 14186 that removes the extraneous tab char on line 470, so that the patch can clear QA tools. This patch sets $reservedfor to an empty string. Test plan ========= 1/ in a terminal, run `tail -f ` on your instance's opac-error.log 2/ go to the opac and search from an item that exists on the Koha instance. 3/ Select the title (if more than one title is returned) and click on 'Place hold' link to go to opac-reserve.pl 4/ notice the warning - "opac-reserve.pl: Use of uninitialized value $reservedfor" appear in the `tail`ed opac-error.log 5/ apply the patch 6/ reload the page (opac-reserve.pl) 7/ page works but the warning in step #4 is no longer thrown up 8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error Remarks: Testing result match expected test plan output. The QA tests pass with "OK" for the commit. Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 642e6012cd125cbc3aeaca83e1fd2430ce43fdb0) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 2d2de7b2b3c69732617d1c8bc9f09d81ceedab13 Author: Aleisha <aleishaamohia at hotmail.com> Date: Tue May 12 03:30:46 2015 +0000 Bug 14186: Undefined $reservedfor causes warn in opac-reserve.pl This patch sets $reservedfor to an empty string. Test plan ========= 1/ in a terminal, run `tail -f ` on your instance's opac-error.log 2/ go to the opac and search from an item that exists on the Koha instance. 3/ Select the title (if more than one title is returned) and click on 'Place hold' link to go to opac-reserve.pl 4/ notice the warning - "opac-reserve.pl: Use of uninitialized value $reservedfor" appear in the `tail`ed opac-error.log 5/ apply the patch 6/ reload the page (opac-reserve.pl) 7/ page works but the warning in step #4 is no longer thrown up 8/ run qa test (i.e. koha-qa.pl -c 1 -v 2), there should be no error Remarks: The QA test failed - "forbidden pattern: tab char (line 470)". Marking this as 'FAILED QA' Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 8fdd352bc9bb4d0dd84ca0df33b51558ee765ea1) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 1d9774a94d2682c3b6899e3a4c79a4f9d1afa1d1 Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Mon May 4 22:08:04 2015 +0200 Bug 14130: Update columns.def - Updates columns.def with new columns in items - Adds some descriptions - Corrects some existing column descrpitions To test: - Read the patch to see what has been changed - Run the guided report builder for the 'circulation' module - Observe changes show up Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Changes show up, no errors Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> (cherry picked from commit cc4aaf891bdda0d94157c32a99c2a2acace41498) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit bb2eccde4dd3b8d9b9b9b72f6cc6651827f85561 Author: Tomas Cohen Arazi <tomascohen at theke.io> Date: Fri May 22 12:28:14 2015 -0300 Bug 14106: (QA followup) avoid failures if no instances created If there are no instances already created on install/upgrade, the koha-common.postinst script hungs in the absence of files to fix and keeps waiting for user input. Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> (cherry picked from commit b46e47840a021488f31722645b8e63e454cff7db) Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit cedefdc86b7b1243d91d9059504a12f7aa0cec6f Author: Robin Sheat <robin at catalyst.net.nz> Date: Fri May 22 13:48:13 2015 +1200 Bug 14106: patch existing zebra configs with new modulePath This patches the zebra configuration of existing Koha installations so that their modulePath will work on newer Debian (and presumably Ubuntu) releases. Testing: * Install a package built with this patch onto a system with instances created by an older Koha version. * Check that the files in /etc/koha/sites/*/zebra-*.cfg have the new modulePath: directive rather than the old one. Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 48d793a0de9229463026444b3f919af9522d2211) Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 5bb8c8afd78dbf4e207607895ccc394c43e6821c Author: Robin Sheat <robin at catalyst.net.nz> Date: Thu May 21 15:48:06 2015 +1200 Bug 14106: fill up the zebra config with a list of modulePaths This adds the full list of paths that debian might use for zebra to the search path for modules. It also means we can say we support s390x architecture. Whatever that is. Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit b119dfcc0f6a7e676685e62193da0e1c138f0831) Signed-off-by: Liz Rea <wizzyrea at gmail.com> ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 3 + C4/Charset.pm | 2 +- C4/CourseReserves.pm | 1 + C4/Letters.pm | 7 +- C4/Utils/DataTables/Members.pm | 4 +- acqui/z3950_search.pl | 4 +- basket/sendbasket.pl | 2 - cataloguing/z3950_search.pl | 4 +- circ/renew.pl | 3 +- debian/koha-common.postinst | 9 + debian/scripts/koha-translate | 2 +- debian/templates/zebra-authorities-dom-site.cfg.in | 2 +- debian/templates/zebra-authorities-site.cfg.in | 2 +- debian/templates/zebra-biblios-dom-site.cfg.in | 2 +- debian/templates/zebra-biblios-site.cfg.in | 2 +- installer/data/mysql/kohastructure.sql | 1 + installer/data/mysql/mandatory/subtag_registry.sql | 10 + installer/data/mysql/updatedatabase.pl | 20 + koha-tmpl/intranet-tmpl/js/browser.js | 80 +- koha-tmpl/intranet-tmpl/prog/en/columns.def | 14 +- .../prog/en/includes/biblio-view-menu.inc | 2 +- .../prog/en/includes/patron-toolbar.inc | 3 + koha-tmpl/intranet-tmpl/prog/en/js/additem.js | 13 + .../prog/en/modules/acqui/histsearch.tt | 6 +- .../prog/en/modules/admin/categorie.tt | 2 +- .../prog/en/modules/admin/preferences/opac.pref | 2 +- .../prog/en/modules/basket/sendbasket.tt | 2 - .../prog/en/modules/cataloguing/additem.tt | 11 +- .../prog/en/modules/members/moremember.tt | 2 +- .../en/modules/reports/guided_reports_start.tt | 8 +- .../prog/en/modules/reports/issues_avg_stats.tt | 55 +- .../prog/en/modules/tools/modborrowers.tt | 7 +- .../prog/en/modules/virtualshelves/sendshelf.tt | 2 - .../en/modules/opac-authoritiessearchresultlist.tt | 6 +- .../opac-tmpl/bootstrap/en/modules/opac-results.tt | 4 +- .../bootstrap/en/modules/opac-sendbasket.tt | 2 - .../bootstrap/en/modules/opac-sendshelf.tt | 2 - .../bootstrap/en/modules/opac-shareshelf.tt | 17 +- .../opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 8 +- .../bootstrap/en/modules/opac-showreviews.tt | 2 +- .../bootstrap/en/xslt/NORMARCslim2OPACDetail.xsl | 52 +- .../bootstrap/en/xslt/NORMARCslim2OPACResults.xsl | 50 + kohaversion.pl | 2 +- misc/plack/koha.psgi | 12 + misc/translator/po/bn-IN-marc-MARC21.po |14119 ++++++ misc/translator/po/bn-IN-marc-NORMARC.po | 2837 ++ misc/translator/po/bn-IN-marc-UNIMARC.po |13065 ++++++ ...n-opac-bootstrap.po => bn-IN-opac-bootstrap.po} | 0 misc/translator/po/{ben-pref.po => bn-IN-pref.po} | 0 .../po/{ben-staff-help.po => bn-IN-staff-help.po} | 0 misc/translator/po/bn-IN-staff-prog.po |47733 ++++++++++++++++++++ opac/opac-readingrecord.pl | 1 + opac/opac-reserve.pl | 1 + opac/opac-sendbasket.pl | 2 - opac/opac-sendshelf.pl | 1 - opac/opac-shareshelf.pl | 6 + opac/opac-tags_subject.pl | 4 +- reports/guided_reports.pl | 17 +- reports/issues_avg_stats.pl | 84 +- svc/checkouts | 2 +- t/Charset.t | 4 +- t/db_dependent/Letters.t | 17 +- tools/inventory.pl | 10 +- tools/modborrowers.pl | 6 +- tools/picture-upload.pl | 4 +- tools/viewlog.pl | 1 + virtualshelves/sendshelf.pl | 1 - 67 files changed, 78157 insertions(+), 204 deletions(-) create mode 100644 misc/translator/po/bn-IN-marc-MARC21.po create mode 100644 misc/translator/po/bn-IN-marc-NORMARC.po create mode 100644 misc/translator/po/bn-IN-marc-UNIMARC.po rename misc/translator/po/{ben-opac-bootstrap.po => bn-IN-opac-bootstrap.po} (100%) rename misc/translator/po/{ben-pref.po => bn-IN-pref.po} (100%) rename misc/translator/po/{ben-staff-help.po => bn-IN-staff-help.po} (100%) create mode 100644 misc/translator/po/bn-IN-staff-prog.po hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 00:55:36 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 22 Jun 2015 22:55:36 +0000 Subject: [koha-commits] main Koha release repository branch 3.18.x updated. v3.18.07-44-g8ba165b Message-ID: <E1Z7Acq-0004qP-Fx@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.18.x has been updated discards 4ff3b86e932e24a4d404f095578bc01f6afd9c6b (commit) discards f462209e86e30e8ea23da67fb367c77c6d33be88 (commit) discards 5b03b9716b762a1930aa5d298a163fef7fb76992 (commit) discards 358e8e889d8a02d55210d353cd01bbf35d1ddc15 (commit) discards 611df7517a2f1fa58c6780463ff56253d908a23d (commit) discards 0cba81194f86b1b7fbea9d2ab48fe8c995a3c247 (commit) discards a1e0768ceb728f0019086050837884d29e498dfe (commit) This update discarded existing revisions and left the branch pointing at a previous point in the repository history. * -- * -- N (8ba165b069f9d921c103214b2803a6b9ff8b2f3b) \ O -- O -- O (4ff3b86e932e24a4d404f095578bc01f6afd9c6b) The removed revisions are not necessarilly gone - if another reference still refers to them they will stay in the repository. No new revisions were added by this update. Summary of changes: C4/Auth.pm | 3 --- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt | 4 ++-- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 4 ++-- opac/opac-tags_subject.pl | 4 ++-- 4 files changed, 6 insertions(+), 9 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 02:26:59 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 00:26:59 +0000 Subject: [koha-commits] main Koha release repository branch 3.18.x updated. v3.18.07-45-gbea822e Message-ID: <E1Z7C3H-0005uo-Qa@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.18.x has been updated via bea822e6333ea3c7038b26619a0b75a62d5e6496 (commit) from 8ba165b069f9d921c103214b2803a6b9ff8b2f3b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bea822e6333ea3c7038b26619a0b75a62d5e6496 Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Date: Mon Jun 22 20:43:27 2015 -0300 Translation updates for Koha 3.18.08 release Fix Bengali files :) ----------------------------------------------------------------------- Summary of changes: .../po/am-Ethi-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/am-Ethi-opac-bootstrap.po | 947 +- misc/translator/po/am-Ethi-pref.po | 2 +- misc/translator/po/am-Ethi-staff-help.po | 2 +- .../po/ar-Arab-i-staff-t-prog-v-3006000.po | 572 +- misc/translator/po/ar-Arab-opac-bootstrap.po | 947 +- misc/translator/po/ar-Arab-pref.po | 4 +- misc/translator/po/ar-Arab-staff-help.po | 2 +- .../po/az-AZ-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/az-AZ-opac-bootstrap.po | 947 +- misc/translator/po/az-AZ-pref.po | 2 +- misc/translator/po/az-AZ-staff-help.po | 2 +- .../po/be-BY-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/be-BY-opac-bootstrap.po | 947 +- misc/translator/po/be-BY-pref.po | 2 +- misc/translator/po/be-BY-staff-help.po | 2 +- .../po/bg-Cyrl-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/bg-Cyrl-opac-bootstrap.po | 947 +- misc/translator/po/bg-Cyrl-pref.po | 2 +- misc/translator/po/bg-Cyrl-staff-help.po | 2 +- ...006000.po => bn-IN-i-staff-t-prog-v-3006000.po} | 568 +- misc/translator/po/bn-IN-marc-MARC21.po |14119 ------ misc/translator/po/bn-IN-marc-NORMARC.po | 2837 -- misc/translator/po/bn-IN-marc-UNIMARC.po |13065 ------ misc/translator/po/bn-IN-opac-bootstrap.po | 947 +- misc/translator/po/bn-IN-pref.po | 2 +- misc/translator/po/bn-IN-staff-help.po | 2 +- misc/translator/po/bn-IN-staff-prog.po |47733 -------------------- .../po/ca-ES-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/ca-ES-opac-bootstrap.po | 947 +- misc/translator/po/ca-ES-pref.po | 2 +- misc/translator/po/ca-ES-staff-help.po | 2 +- .../po/cs-CZ-i-staff-t-prog-v-3006000.po | 6162 ++- misc/translator/po/cs-CZ-opac-bootstrap.po | 2951 +- misc/translator/po/cs-CZ-pref.po | 4 +- misc/translator/po/cs-CZ-staff-help.po |12468 +++-- .../po/da-DK-i-staff-t-prog-v-3006000.po | 594 +- misc/translator/po/da-DK-opac-bootstrap.po | 947 +- misc/translator/po/da-DK-pref.po | 4 +- misc/translator/po/da-DK-staff-help.po | 2 +- .../po/de-CH-i-staff-t-prog-v-3006000.po | 9129 ++-- misc/translator/po/de-CH-opac-bootstrap.po | 3945 +- misc/translator/po/de-CH-pref.po | 3404 +- misc/translator/po/de-CH-staff-help.po | 8 +- .../po/de-DE-i-staff-t-prog-v-3006000.po | 580 +- misc/translator/po/de-DE-opac-bootstrap.po | 963 +- misc/translator/po/de-DE-pref.po | 21 +- misc/translator/po/de-DE-staff-help.po | 2 +- .../po/el-GR-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/el-GR-opac-bootstrap.po | 947 +- misc/translator/po/el-GR-pref.po | 4 +- misc/translator/po/el-GR-staff-help.po | 2 +- .../po/en-GB-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/en-GB-opac-bootstrap.po | 947 +- misc/translator/po/en-GB-pref.po | 4 +- misc/translator/po/en-GB-staff-help.po | 2 +- .../po/en-NZ-i-staff-t-prog-v-3006000.po | 576 +- misc/translator/po/en-NZ-opac-bootstrap.po | 959 +- misc/translator/po/en-NZ-pref.po | 20 +- misc/translator/po/en-NZ-staff-help.po | 2 +- misc/translator/po/eo-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/eo-opac-bootstrap.po | 1606 +- misc/translator/po/eo-pref.po | 2 +- misc/translator/po/eo-staff-help.po | 2 +- .../po/es-ES-i-staff-t-prog-v-3006000.po | 576 +- misc/translator/po/es-ES-opac-bootstrap.po | 951 +- misc/translator/po/es-ES-pref.po | 13 +- misc/translator/po/es-ES-staff-help.po | 2 +- misc/translator/po/eu-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/eu-opac-bootstrap.po | 947 +- misc/translator/po/eu-pref.po | 2 +- misc/translator/po/eu-staff-help.po | 2 +- .../po/fa-Arab-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/fa-Arab-opac-bootstrap.po | 947 +- misc/translator/po/fa-Arab-pref.po | 2 +- misc/translator/po/fa-Arab-staff-help.po | 2 +- .../po/fi-FI-i-staff-t-prog-v-3006000.po | 572 +- misc/translator/po/fi-FI-opac-bootstrap.po | 947 +- misc/translator/po/fi-FI-pref.po | 4 +- misc/translator/po/fi-FI-staff-help.po | 2 +- .../po/fo-FO-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/fo-FO-opac-bootstrap.po | 947 +- misc/translator/po/fo-FO-pref.po | 2 +- misc/translator/po/fo-FO-staff-help.po | 2 +- .../po/fr-CA-i-staff-t-prog-v-3006000.po | 727 +- misc/translator/po/fr-CA-opac-bootstrap.po | 947 +- misc/translator/po/fr-CA-pref.po | 243 +- misc/translator/po/fr-CA-staff-help.po | 10 +- .../po/fr-FR-i-staff-t-prog-v-3006000.po | 606 +- misc/translator/po/fr-FR-opac-bootstrap.po | 947 +- misc/translator/po/fr-FR-pref.po | 4 +- misc/translator/po/fr-FR-staff-help.po | 2 +- misc/translator/po/gl-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/gl-opac-bootstrap.po | 947 +- misc/translator/po/gl-pref.po | 4 +- misc/translator/po/gl-staff-help.po | 2 +- .../po/he-Hebr-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/he-Hebr-opac-bootstrap.po | 947 +- misc/translator/po/he-Hebr-pref.po | 2 +- misc/translator/po/he-Hebr-staff-help.po | 2 +- misc/translator/po/hi-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/hi-opac-bootstrap.po | 947 +- misc/translator/po/hi-pref.po | 2 +- misc/translator/po/hi-staff-help.po | 2 +- .../po/hr-HR-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/hr-HR-opac-bootstrap.po | 947 +- misc/translator/po/hr-HR-pref.po | 2 +- misc/translator/po/hr-HR-staff-help.po | 2 +- .../po/hu-HU-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/hu-HU-opac-bootstrap.po | 947 +- misc/translator/po/hu-HU-pref.po | 2 +- misc/translator/po/hu-HU-staff-help.po | 2 +- .../po/hy-Armn-i-staff-t-prog-v-3006000.po | 572 +- misc/translator/po/hy-Armn-opac-bootstrap.po | 947 +- misc/translator/po/hy-Armn-pref.po | 10 +- misc/translator/po/hy-Armn-staff-help.po | 2 +- .../po/id-ID-i-staff-t-prog-v-3006000.po | 570 +- misc/translator/po/id-ID-opac-bootstrap.po | 947 +- misc/translator/po/id-ID-pref.po | 4 +- misc/translator/po/id-ID-staff-help.po | 2 +- .../po/is-IS-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/is-IS-opac-bootstrap.po | 947 +- misc/translator/po/is-IS-pref.po | 2 +- misc/translator/po/is-IS-staff-help.po | 2 +- .../po/it-IT-i-staff-t-prog-v-3006000.po | 579 +- misc/translator/po/it-IT-opac-bootstrap.po | 947 +- misc/translator/po/it-IT-pref.po | 10 +- misc/translator/po/it-IT-staff-help.po | 2 +- .../po/ja-Jpan-JP-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/ja-Jpan-JP-opac-bootstrap.po | 947 +- misc/translator/po/ja-Jpan-JP-pref.po | 2 +- misc/translator/po/ja-Jpan-JP-staff-help.po | 2 +- misc/translator/po/ka-i-staff-t-prog-v-3006000.po | 570 +- misc/translator/po/ka-opac-bootstrap.po | 949 +- misc/translator/po/ka-pref.po | 2 +- misc/translator/po/ka-staff-help.po | 2 +- .../po/km-KH-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/km-KH-opac-bootstrap.po | 947 +- misc/translator/po/km-KH-pref.po | 2 +- misc/translator/po/km-KH-staff-help.po | 2 +- .../po/kn-Knda-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/kn-Knda-opac-bootstrap.po | 947 +- misc/translator/po/kn-Knda-pref.po | 2 +- misc/translator/po/kn-Knda-staff-help.po | 2 +- .../po/ko-Kore-KP-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/ko-Kore-KP-opac-bootstrap.po | 947 +- misc/translator/po/ko-Kore-KP-pref.po | 4 +- misc/translator/po/ko-Kore-KP-staff-help.po | 2 +- .../po/ku-Arab-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/ku-Arab-opac-bootstrap.po | 947 +- misc/translator/po/ku-Arab-pref.po | 13 +- misc/translator/po/ku-Arab-staff-help.po | 2 +- .../po/lo-Laoo-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/lo-Laoo-opac-bootstrap.po | 947 +- misc/translator/po/lo-Laoo-pref.po | 2 +- misc/translator/po/lo-Laoo-staff-help.po | 2 +- .../po/mi-NZ-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/mi-NZ-opac-bootstrap.po | 947 +- misc/translator/po/mi-NZ-pref.po | 2 +- misc/translator/po/mi-NZ-staff-help.po | 2 +- misc/translator/po/mon-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/mon-opac-bootstrap.po | 947 +- misc/translator/po/mon-pref.po | 2 +- misc/translator/po/mon-staff-help.po | 2 +- misc/translator/po/mr-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/mr-opac-bootstrap.po | 947 +- misc/translator/po/mr-pref.po | 4 +- misc/translator/po/mr-staff-help.po | 2 +- .../po/ms-MY-i-staff-t-prog-v-3006000.po | 576 +- misc/translator/po/ms-MY-opac-bootstrap.po | 947 +- misc/translator/po/ms-MY-pref.po | 2 +- misc/translator/po/ms-MY-staff-help.po | 2 +- .../po/nb-NO-i-staff-t-prog-v-3006000.po | 570 +- misc/translator/po/nb-NO-opac-bootstrap.po | 947 +- misc/translator/po/nb-NO-pref.po | 4 +- misc/translator/po/nb-NO-staff-help.po | 2 +- .../po/ne-NE-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/ne-NE-opac-bootstrap.po | 947 +- misc/translator/po/ne-NE-pref.po | 2 +- misc/translator/po/ne-NE-staff-help.po | 2 +- .../po/nl-BE-i-staff-t-prog-v-3006000.po | 570 +- misc/translator/po/nl-BE-opac-bootstrap.po | 947 +- misc/translator/po/nl-BE-pref.po | 4 +- misc/translator/po/nl-BE-staff-help.po | 2 +- .../po/nl-NL-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/nl-NL-opac-bootstrap.po | 947 +- misc/translator/po/nl-NL-pref.po | 2 +- misc/translator/po/nl-NL-staff-help.po | 2 +- .../po/nn-NO-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/nn-NO-opac-bootstrap.po | 947 +- misc/translator/po/nn-NO-pref.po | 2 +- misc/translator/po/nn-NO-staff-help.po | 2 +- misc/translator/po/pbr-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/pbr-opac-bootstrap.po | 947 +- misc/translator/po/pbr-pref.po | 2 +- misc/translator/po/pbr-staff-help.po | 2 +- .../po/pl-PL-i-staff-t-prog-v-3006000.po | 598 +- misc/translator/po/pl-PL-opac-bootstrap.po | 1183 +- misc/translator/po/pl-PL-pref.po | 12 +- misc/translator/po/pl-PL-staff-help.po | 10 +- misc/translator/po/prs-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/prs-opac-bootstrap.po | 947 +- misc/translator/po/prs-pref.po | 4 +- misc/translator/po/prs-staff-help.po | 2 +- .../po/pt-BR-i-staff-t-prog-v-3006000.po | 592 +- misc/translator/po/pt-BR-opac-bootstrap.po | 947 +- misc/translator/po/pt-BR-pref.po | 64 +- misc/translator/po/pt-BR-staff-help.po | 2 +- .../po/pt-PT-i-staff-t-prog-v-3006000.po | 707 +- misc/translator/po/pt-PT-opac-bootstrap.po | 980 +- misc/translator/po/pt-PT-pref.po | 12 +- misc/translator/po/pt-PT-staff-help.po | 251 +- .../po/ro-RO-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/ro-RO-opac-bootstrap.po | 947 +- misc/translator/po/ro-RO-pref.po | 2 +- misc/translator/po/ro-RO-staff-help.po | 2 +- .../po/ru-RU-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/ru-RU-opac-bootstrap.po | 947 +- misc/translator/po/ru-RU-pref.po | 2 +- misc/translator/po/ru-RU-staff-help.po | 2 +- .../po/rw-RW-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/rw-RW-opac-bootstrap.po | 947 +- misc/translator/po/rw-RW-pref.po | 2 +- misc/translator/po/rw-RW-staff-help.po | 2 +- .../po/sd-PK-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/sd-PK-opac-bootstrap.po | 947 +- misc/translator/po/sd-PK-pref.po | 2 +- misc/translator/po/sd-PK-staff-help.po | 2 +- .../po/sk-SK-i-staff-t-prog-v-3006000.po | 6199 ++- misc/translator/po/sk-SK-opac-bootstrap.po | 2933 +- misc/translator/po/sk-SK-pref.po | 4 +- misc/translator/po/sk-SK-staff-help.po |12584 ++++-- .../po/sl-SI-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/sl-SI-opac-bootstrap.po | 947 +- misc/translator/po/sl-SI-pref.po | 4 +- misc/translator/po/sl-SI-staff-help.po | 2 +- .../po/sq-AL-i-staff-t-prog-v-3006000.po | 570 +- misc/translator/po/sq-AL-opac-bootstrap.po | 947 +- misc/translator/po/sq-AL-pref.po | 2 +- misc/translator/po/sq-AL-staff-help.po | 2 +- .../po/sr-Cyrl-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/sr-Cyrl-opac-bootstrap.po | 947 +- misc/translator/po/sr-Cyrl-pref.po | 2 +- misc/translator/po/sr-Cyrl-staff-help.po | 2 +- .../po/sv-SE-i-staff-t-prog-v-3006000.po | 570 +- misc/translator/po/sv-SE-opac-bootstrap.po | 949 +- misc/translator/po/sv-SE-pref.po | 4 +- misc/translator/po/sv-SE-staff-help.po | 2 +- .../po/sw-KE-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/sw-KE-opac-bootstrap.po | 947 +- misc/translator/po/sw-KE-pref.po | 2 +- misc/translator/po/sw-KE-staff-help.po | 2 +- .../po/ta-LK-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/ta-LK-opac-bootstrap.po | 947 +- misc/translator/po/ta-LK-pref.po | 4 +- misc/translator/po/ta-LK-staff-help.po | 2 +- misc/translator/po/ta-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/ta-opac-bootstrap.po | 947 +- misc/translator/po/ta-pref.po | 2 +- misc/translator/po/ta-staff-help.po | 2 +- misc/translator/po/tet-i-staff-t-prog-v-3006000.po | 572 +- misc/translator/po/tet-opac-bootstrap.po | 947 +- misc/translator/po/tet-pref.po | 2 +- misc/translator/po/tet-staff-help.po | 2 +- .../po/th-TH-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/th-TH-opac-bootstrap.po | 947 +- misc/translator/po/th-TH-pref.po | 2 +- misc/translator/po/th-TH-staff-help.po | 2 +- .../po/tl-PH-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/tl-PH-opac-bootstrap.po | 947 +- misc/translator/po/tl-PH-pref.po | 4 +- misc/translator/po/tl-PH-staff-help.po | 2 +- .../po/tr-TR-i-staff-t-prog-v-3006000.po | 572 +- misc/translator/po/tr-TR-opac-bootstrap.po | 947 +- misc/translator/po/tr-TR-pref.po | 10 +- misc/translator/po/tr-TR-staff-help.po | 2 +- .../po/uk-UA-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/uk-UA-opac-bootstrap.po | 947 +- misc/translator/po/uk-UA-pref.po | 2 +- misc/translator/po/uk-UA-staff-help.po | 2 +- .../po/ur-Arab-i-staff-t-prog-v-3006000.po | 568 +- misc/translator/po/ur-Arab-opac-bootstrap.po | 947 +- misc/translator/po/ur-Arab-pref.po | 2 +- misc/translator/po/ur-Arab-staff-help.po | 2 +- .../po/vi-VN-i-staff-t-prog-v-3006000.po | 572 +- misc/translator/po/vi-VN-opac-bootstrap.po | 947 +- misc/translator/po/vi-VN-pref.po | 4 +- misc/translator/po/vi-VN-staff-help.po | 2 +- .../po/zh-Hans-CN-i-staff-t-prog-v-3006000.po | 572 +- misc/translator/po/zh-Hans-CN-opac-bootstrap.po | 947 +- misc/translator/po/zh-Hans-CN-pref.po | 4 +- misc/translator/po/zh-Hans-CN-staff-help.po | 2 +- .../po/zh-Hans-TW-i-staff-t-prog-v-3006000.po | 624 +- misc/translator/po/zh-Hans-TW-opac-bootstrap.po | 967 +- misc/translator/po/zh-Hans-TW-pref.po | 5 +- misc/translator/po/zh-Hans-TW-staff-help.po | 12 +- 296 files changed, 96102 insertions(+), 150038 deletions(-) copy misc/translator/po/{ben-i-staff-t-prog-v-3006000.po => bn-IN-i-staff-t-prog-v-3006000.po} (99%) delete mode 100644 misc/translator/po/bn-IN-marc-MARC21.po delete mode 100644 misc/translator/po/bn-IN-marc-NORMARC.po delete mode 100644 misc/translator/po/bn-IN-marc-UNIMARC.po delete mode 100644 misc/translator/po/bn-IN-staff-prog.po hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 09:13:55 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 07:13:55 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-83-ga029423 Message-ID: <E1Z7IP5-0002GW-6s@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via a02942329b1ec7ddd4cdf7791fb209e3ab070fe5 (commit) via 83789dd75c74af25433ba2ede15b7bb71138540f (commit) via a4310e870247cb57cb1cbca55fed749d63469dcf (commit) via bab7a33c2d6b4774dd96af1d10f72620802e9b4e (commit) via 48af13bd1a0eff3162d5e8edb867a701e233e5da (commit) via d35384c039b8db00659d1cd0ee08cfb50c45481e (commit) via 66dc4a9e7d2f11b97f1a4b0f76b5c485c3873683 (commit) via 4b5a87c7ec62cfb796ea7c24aec8a61039e25f5c (commit) via f260c56838d5c914831b7de1171df11fa5714ce1 (commit) via beedae80631f0f34be341274ee63c6b0aeeb75d6 (commit) via bb5f6b4bfa20800ab36fdf899838e8adb18089dd (commit) via 364de7531c7b0ac604d396e3af1c84f674e7221e (commit) via b414b22bf063d58e0e2255a648097cf9111ab445 (commit) via f9569612b65798dce457b5650a5b5162b80b12e8 (commit) via 04fe052de7337f7c348de69df3d0ec1184b80e8d (commit) via 21cc992e7e5a35ccf1b7614cae638c9863e2a35f (commit) via afb00d13904052c71497834761e81996bc5f3d36 (commit) via 1ba766f200fd693665e942d9bee86c327893a9bb (commit) via 20910660a27f61307153afa05c13d67b1b5e91af (commit) via 1316436e269eec4836e0f999f62009ce41bcc08f (commit) from 0ba2e45448ff078de897b5eebd1acce5557b8a34 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a02942329b1ec7ddd4cdf7791fb209e3ab070fe5 Merge: a4310e8 83789dd Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Tue Jun 23 14:12:55 2015 +1200 Tranlsation updates Merge remote-tracking branch 'bernardo/3.20.01' into 3.20.x commit 83789dd75c74af25433ba2ede15b7bb71138540f Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Date: Mon Jun 22 21:20:17 2015 -0300 Translation updates for Koha 3.20.1 release commit a4310e870247cb57cb1cbca55fed749d63469dcf Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:35:07 2015 +0000 Bug 14423 : Multiple XSS bugs in suggestion.pl To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to= 2/ Notice alert box(es) 3/ Apply patch 4/ Reload and notice alert is gone Repeat for collection_title copyrightdate isbn manageddate_from manageddate_to publishercode suggesteddate_from suggesteddate_to Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit bab7a33c2d6b4774dd96af1d10f72620802e9b4e Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:20:51 2015 +0000 Bug 14423 : Multiple XSS vulnerabilities in serials-search To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter= 2/ Notice alert boxes 3/ Apply patch 4/ Reload, notice fixed Repeat for callnumber_filter EAN_filter ISSN_filter publisher_filter title_filter Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit 48af13bd1a0eff3162d5e8edb867a701e233e5da Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:01:32 2015 +0000 Bug 14423 : XSS bugs in catalogue search To test 1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice alert boxes 3/ Apply patch 4/ Reload url, no alerts 5/ Check search still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit d35384c039b8db00659d1cd0ee08cfb50c45481e Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:33:13 2015 +0000 Bug 14423 XSS bug in auth_subfields_structure 1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/auth_subfields_structure.pl?op=add_form&authtypecode=%27%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice a ton of alert boxes pop up 3/ Apply patch 4/ Reload url, no longer get any alerts 5/ Test fuctionality still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit 66dc4a9e7d2f11b97f1a4b0f76b5c485c3873683 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:18:20 2015 +0000 Bug 14423 : XSS bug in lateorders 1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom 2/ Not you get an alert box 3/ Apply patch notice it is fixed 4/ Test functionality still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit 4b5a87c7ec62cfb796ea7c24aec8a61039e25f5c Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:10:20 2015 +0000 Bug 14423 : XSS in authorities-home To test: 1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice you get 3 alert boxes 3/ Apply patch 4/ Hit the url again, no js Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit f260c56838d5c914831b7de1171df11fa5714ce1 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Mon Jun 22 10:56:26 2015 +0200 Bug 14426: Escape or use placeholders for sql parameters Does this patch enough to prevent sql injection in borrowers_out.pl? ==================================================================== 1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil') ==================================================================== echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')" | nc testbox 9002 echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=1,'evil')" | nc testbox 9002 ==================================================================== 2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b ==================================================================== echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='a" | nc testbox 9002 echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='b" | nc testbox 9002 ==================================================================== Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit beedae80631f0f34be341274ee63c6b0aeeb75d6 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Mon Jun 22 10:24:51 2015 +0200 Bug 14408: Allow integers in template paths Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> (cherry picked from commit 64e47c63dc59669c3c651b93630c470e06107fd6) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit bb5f6b4bfa20800ab36fdf899838e8adb18089dd Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 10:25:30 2015 +0200 Bug 14408: Add tests to get_template_and_user Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> (cherry picked from commit 5dd7c8f0d5fae67ea6177fdbac77a04f70661864) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit 364de7531c7b0ac604d396e3af1c84f674e7221e Author: Chris <chris at bigballofwax.co.nz> Date: Mon Jun 22 05:23:52 2015 +0000 Bug 14408: Path Traversal error Counter counter patch Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt and not allowing ../etc Note the previous patch tries to protect against /etc/passwd but //etc/passwd is now vulnerable. I do think a whitelist is safer than trying to do a blacklist /cgi-bin/koha/svc/virtualshelves/search /cgi-bin/koha/svc/members/search Are vulnerable To test: 1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt Notice you get a valid JSON response 2/ Hit /search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd (You may have add more ..%2f or remove them to get the correct path) Notice you can see the contents of the /etc/passwd file 3/ Hit /cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4/ Apply patch 5/ Hit the first url again, notice it still works 6/ Hit the second url notice it now errors with a file not found 7/ Hit the third url notice it now errors with a file not found Repeat for the other script also Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> (cherry picked from commit 5a7f459290326e1cea8460bb0817492340dd4150) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit b414b22bf063d58e0e2255a648097cf9111ab445 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 08:35:07 2015 +1200 Bug 14412: SQL injection possible There is a SQL Injection vulnerability in the /cgi-bin/koha/opac-tags_subject.pl script. By manipulating the variable 'number', the database can be accessed via time-based blind injections. The following string serves as an example: /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) To exploit the vulnerability, no authentication is needed To test 1/ Turn on mysql query logging 2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 3/ Check the logs notice something like SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 PROCEDURE ANALYSE (EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 4/ Apply patch 5/ Hit the url again 6/ Notice the log now only has SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Confirmed the problem and the fix for it. Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 57b01fb655955ac630d6018d03f4d134e7e3e25a) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit f9569612b65798dce457b5650a5b5162b80b12e8 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:41:45 2015 +1200 Bug 14418: More XSS vulnerabilities in opac-shelves.pl To test: 1/ Hit a url like /cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh noes')</script> Where the id is a valid shelf id 2/ Notice the js is executed 3/ Apply patch 4/ Reload page 5/ Notice input is now escaped on display Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Tested in Debian, couldn't reproduce the alert in Iceweasel, but in Chromium. Patch fixes it. Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit cd4c959f7226b060f683f5571f030cc2df7539ca) commit 04fe052de7337f7c348de69df3d0ec1184b80e8d Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:30:22 2015 +1200 Bug 14418: XSS flaw in opac-shelves.pl To test: 1/ Create a list and add at least one item to it 2/ Hit a url like http://192.168.2.18/cgi-bin/koha/opac-shelves.pl?viewshelf=7&sort=author&direction=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E Where the shelf id is the number of the list you created, notice the js is executed 3/ Apply the patch 4/ Reload the page notice the js is now escaped Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit b6ca2b0cd2d95e8aedbfd7c0c58ace8200620bf1) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit 21cc992e7e5a35ccf1b7614cae638c9863e2a35f Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 09:25:22 2015 +1200 Bug 14418: XSS Vulnerabilities in OPAC search Fix for /cgi-bin/koha/opac-search.pl To test 1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script src='http://cst.sba-research.org/x.js'/>&q=a 2/ Notice the js is executed 3/ Apply patch 4/ Reload page, notice it is no longer executed 5/ Test the rss links work still Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Confirmed bug and that the patch fixes it. Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 45dd7754019e8f525c8d52bf33c41016e5ccbfab) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit afb00d13904052c71497834761e81996bc5f3d36 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 11:21:56 2015 +0200 Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet) Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 542b06f065bf550a2a625bbfb34ce73bb65d01a1) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit 1ba766f200fd693665e942d9bee86c327893a9bb Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 11:21:47 2015 +0200 Bug 14416: (follow-up) opac addbybilionumber Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit abd2bc99e886c11fa9abe15ef01c3298d00757cb) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit 20910660a27f61307153afa05c13d67b1b5e91af Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:26:02 2015 +1200 Bug 14416: Stored XSS vulnerability opac-addbybiblionumber.pl is also vulnerable because it doesn't escape list names. To test 1/ Create a malicious list name 2/ Try to add a biblio to the lists 3/ Notice js is excuted 4/ Apply patch 5/ Test again Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit fb51a4bb0f3ac8b42b53579fe3d6d73d0b3438cd) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit 1316436e269eec4836e0f999f62009ce41bcc08f Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 10:54:40 2015 +1200 Bug 14416: Stored XSS vulnerability The affected page in the OPAC client is: http://testbox:9001/cgi-bin/koha/opac-shelves.pl the vulnerable parameter: addshelf The affected page in the STAFF client is: http://testbox:9002/cgi-bin/koha/virtualshelves/shelves.pl To test: 1/ Create a shelf in the opac that contains some malicious js eg Bad stuff <script>alert('oh noes');</script> as the name 2/ Go to /cgi-bin/koha/virtualshelves/shelves.pl in the staff client Note the js is executed 3/ View http://192.168.2.18:8080/cgi-bin/koha/svc/virtualshelves/search?template_path=virtualshelves/tables/shelves_results.tt&type=1 Notice the html is not escaped 4/ Apply patch 5/ View http://192.168.2.18:8080/cgi-bin/koha/svc/virtualshelves/search?template_path=virtualshelves/tables/shelves_results.tt&type=1 Notice the html is now escaped 6/ View /cgi-bin/koha/virtualshelves/shelves.pl - no more exploit Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 703a928b9d81e974d56c306cd0bee3670f243c55) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 3 + .../prog/en/includes/authorities-search.inc | 6 +- .../prog/en/modules/acqui/lateorders.tt | 6 +- .../en/modules/admin/auth_subfields_structure.tt | 28 +- .../prog/en/modules/catalogue/results.tt | 6 +- .../prog/en/modules/serials/serials-search.tt | 26 +- .../prog/en/modules/suggestion/suggestion.tt | 22 +- .../en/modules/virtualshelves/addbybiblionumber.tt | 8 +- .../virtualshelves/tables/shelves_results.tt | 2 +- .../bootstrap/en/modules/opac-addbybiblionumber.tt | 8 +- .../opac-tmpl/bootstrap/en/modules/opac-results.tt | 6 +- .../opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 4 +- misc/translator/po/am-Ethi-opac-bootstrap.po | 147 +- misc/translator/po/am-Ethi-pref.po | 12 +- misc/translator/po/am-Ethi-staff-help.po | 2 +- misc/translator/po/am-Ethi-staff-prog.po | 1459 ++-- misc/translator/po/ar-Arab-marc-MARC21.po | 20 +- misc/translator/po/ar-Arab-marc-UNIMARC.po | 14 +- misc/translator/po/ar-Arab-opac-bootstrap.po | 282 +- misc/translator/po/ar-Arab-pref.po | 40 +- misc/translator/po/ar-Arab-staff-help.po | 75 +- misc/translator/po/ar-Arab-staff-prog.po | 2105 +++--- misc/translator/po/az-AZ-opac-bootstrap.po | 147 +- misc/translator/po/az-AZ-pref.po | 14 +- misc/translator/po/az-AZ-staff-help.po | 2 +- misc/translator/po/az-AZ-staff-prog.po | 1451 ++-- misc/translator/po/be-BY-opac-bootstrap.po | 151 +- misc/translator/po/be-BY-pref.po | 14 +- misc/translator/po/be-BY-staff-help.po | 2 +- misc/translator/po/be-BY-staff-prog.po | 1454 ++-- misc/translator/po/bg-Cyrl-opac-bootstrap.po | 147 +- misc/translator/po/bg-Cyrl-pref.po | 14 +- misc/translator/po/bg-Cyrl-staff-help.po | 2 +- misc/translator/po/bg-Cyrl-staff-prog.po | 1455 ++-- misc/translator/po/bn-IN-opac-bootstrap.po | 147 +- misc/translator/po/bn-IN-pref.po | 14 +- misc/translator/po/bn-IN-staff-help.po | 2 +- misc/translator/po/bn-IN-staff-prog.po | 1455 ++-- misc/translator/po/ca-ES-opac-bootstrap.po | 151 +- misc/translator/po/ca-ES-pref.po | 12 +- misc/translator/po/ca-ES-staff-help.po | 2 +- misc/translator/po/ca-ES-staff-prog.po | 1451 ++-- misc/translator/po/cs-CZ-marc-MARC21.po | 18 +- misc/translator/po/cs-CZ-opac-bootstrap.po | 157 +- misc/translator/po/cs-CZ-pref.po | 60 +- misc/translator/po/cs-CZ-staff-help.po | 26 +- misc/translator/po/cs-CZ-staff-prog.po | 1499 ++-- misc/translator/po/da-DK-opac-bootstrap.po | 208 +- misc/translator/po/da-DK-pref.po | 18 +- misc/translator/po/da-DK-staff-help.po | 18 +- misc/translator/po/da-DK-staff-prog.po | 2039 +++--- misc/translator/po/de-CH-opac-bootstrap.po | 155 +- misc/translator/po/de-CH-pref.po | 35 +- misc/translator/po/de-CH-staff-help.po | 2 +- misc/translator/po/de-CH-staff-prog.po | 1483 ++-- misc/translator/po/de-DE-opac-bootstrap.po | 167 +- misc/translator/po/de-DE-pref.po | 41 +- misc/translator/po/de-DE-staff-help.po | 21 +- misc/translator/po/de-DE-staff-prog.po | 1497 ++-- misc/translator/po/el-GR-opac-bootstrap.po | 147 +- misc/translator/po/el-GR-pref.po | 18 +- misc/translator/po/el-GR-staff-help.po | 2 +- misc/translator/po/el-GR-staff-prog.po | 1454 ++-- misc/translator/po/en-GB-opac-bootstrap.po | 160 +- misc/translator/po/en-GB-pref.po | 18 +- misc/translator/po/en-GB-staff-help.po | 2 +- misc/translator/po/en-GB-staff-prog.po | 3315 ++++----- misc/translator/po/en-NZ-marc-MARC21.po | 144 +- misc/translator/po/en-NZ-opac-bootstrap.po | 202 +- misc/translator/po/en-NZ-pref.po | 30 +- misc/translator/po/en-NZ-staff-help.po | 2 +- misc/translator/po/en-NZ-staff-prog.po | 1463 ++-- misc/translator/po/eo-opac-bootstrap.po | 149 +- misc/translator/po/eo-pref.po | 12 +- misc/translator/po/eo-staff-help.po | 2 +- misc/translator/po/eo-staff-prog.po | 1457 ++-- misc/translator/po/es-ES-opac-bootstrap.po | 161 +- misc/translator/po/es-ES-pref.po | 40 +- misc/translator/po/es-ES-staff-help.po | 22 +- misc/translator/po/es-ES-staff-prog.po | 1487 ++-- misc/translator/po/eu-opac-bootstrap.po | 151 +- misc/translator/po/eu-pref.po | 12 +- misc/translator/po/eu-staff-help.po | 2 +- misc/translator/po/eu-staff-prog.po | 1459 ++-- misc/translator/po/fa-Arab-opac-bootstrap.po | 147 +- misc/translator/po/fa-Arab-pref.po | 14 +- misc/translator/po/fa-Arab-staff-help.po | 2 +- misc/translator/po/fa-Arab-staff-prog.po | 1451 ++-- misc/translator/po/fi-FI-marc-MARC21.po | 13 +- misc/translator/po/fi-FI-opac-bootstrap.po | 149 +- misc/translator/po/fi-FI-pref.po | 18 +- misc/translator/po/fi-FI-staff-help.po | 2 +- misc/translator/po/fi-FI-staff-prog.po | 1459 ++-- misc/translator/po/fo-FO-opac-bootstrap.po | 147 +- misc/translator/po/fo-FO-pref.po | 12 +- misc/translator/po/fo-FO-staff-help.po | 2 +- misc/translator/po/fo-FO-staff-prog.po | 1451 ++-- misc/translator/po/fr-CA-opac-bootstrap.po | 151 +- misc/translator/po/fr-CA-pref.po | 20 +- misc/translator/po/fr-CA-staff-help.po | 2 +- misc/translator/po/fr-CA-staff-prog.po | 1463 ++-- misc/translator/po/fr-FR-opac-bootstrap.po | 176 +- misc/translator/po/fr-FR-pref.po | 46 +- misc/translator/po/fr-FR-staff-help.po | 12 +- misc/translator/po/fr-FR-staff-prog.po | 1550 +++-- misc/translator/po/gl-opac-bootstrap.po | 147 +- misc/translator/po/gl-pref.po | 16 +- misc/translator/po/gl-staff-help.po | 2 +- misc/translator/po/gl-staff-prog.po | 1451 ++-- misc/translator/po/he-Hebr-opac-bootstrap.po | 147 +- misc/translator/po/he-Hebr-pref.po | 12 +- misc/translator/po/he-Hebr-staff-help.po | 2 +- misc/translator/po/he-Hebr-staff-prog.po | 1451 ++-- misc/translator/po/hi-opac-bootstrap.po | 147 +- misc/translator/po/hi-pref.po | 12 +- misc/translator/po/hi-staff-help.po | 2 +- misc/translator/po/hi-staff-prog.po | 1451 ++-- misc/translator/po/hr-HR-opac-bootstrap.po | 333 +- misc/translator/po/hr-HR-pref.po | 12 +- misc/translator/po/hr-HR-staff-help.po | 2 +- misc/translator/po/hr-HR-staff-prog.po | 1457 ++-- misc/translator/po/hu-HU-opac-bootstrap.po | 149 +- misc/translator/po/hu-HU-pref.po | 14 +- misc/translator/po/hu-HU-staff-help.po | 2 +- misc/translator/po/hu-HU-staff-prog.po | 1451 ++-- misc/translator/po/hy-Armn-marc-MARC21.po | 20 +- misc/translator/po/hy-Armn-marc-UNIMARC.po | 14 +- misc/translator/po/hy-Armn-opac-bootstrap.po | 283 +- misc/translator/po/hy-Armn-pref.po | 40 +- misc/translator/po/hy-Armn-staff-help.po | 75 +- misc/translator/po/hy-Armn-staff-prog.po | 2132 +++--- misc/translator/po/id-ID-opac-bootstrap.po | 149 +- misc/translator/po/id-ID-pref.po | 18 +- misc/translator/po/id-ID-staff-help.po | 2 +- misc/translator/po/id-ID-staff-prog.po | 1453 ++-- misc/translator/po/is-IS-opac-bootstrap.po | 147 +- misc/translator/po/is-IS-pref.po | 16 +- misc/translator/po/is-IS-staff-help.po | 2 +- misc/translator/po/is-IS-staff-prog.po | 1451 ++-- misc/translator/po/it-IT-opac-bootstrap.po | 157 +- misc/translator/po/it-IT-pref.po | 31 +- misc/translator/po/it-IT-staff-help.po | 2 +- misc/translator/po/it-IT-staff-prog.po | 1591 ++--- misc/translator/po/ja-Jpan-JP-opac-bootstrap.po | 147 +- misc/translator/po/ja-Jpan-JP-pref.po | 12 +- misc/translator/po/ja-Jpan-JP-staff-help.po | 2 +- misc/translator/po/ja-Jpan-JP-staff-prog.po | 1497 ++-- misc/translator/po/ka-opac-bootstrap.po | 151 +- misc/translator/po/ka-pref.po | 12 +- misc/translator/po/ka-staff-help.po | 2 +- misc/translator/po/ka-staff-prog.po | 1455 ++-- misc/translator/po/km-KH-opac-bootstrap.po | 147 +- misc/translator/po/km-KH-pref.po | 12 +- misc/translator/po/km-KH-staff-help.po | 2 +- misc/translator/po/km-KH-staff-prog.po | 1455 ++-- misc/translator/po/kn-Knda-opac-bootstrap.po | 147 +- misc/translator/po/kn-Knda-pref.po | 12 +- misc/translator/po/kn-Knda-staff-help.po | 2 +- misc/translator/po/kn-Knda-staff-prog.po | 1451 ++-- misc/translator/po/ko-Kore-KP-opac-bootstrap.po | 147 +- misc/translator/po/ko-Kore-KP-pref.po | 16 +- misc/translator/po/ko-Kore-KP-staff-help.po | 2 +- misc/translator/po/ko-Kore-KP-staff-prog.po | 1451 ++-- misc/translator/po/ku-Arab-opac-bootstrap.po | 151 +- misc/translator/po/ku-Arab-pref.po | 18 +- misc/translator/po/ku-Arab-staff-help.po | 2 +- misc/translator/po/ku-Arab-staff-prog.po | 1453 ++-- misc/translator/po/lo-Laoo-opac-bootstrap.po | 147 +- misc/translator/po/lo-Laoo-pref.po | 14 +- misc/translator/po/lo-Laoo-staff-help.po | 2 +- misc/translator/po/lo-Laoo-staff-prog.po | 1451 ++-- misc/translator/po/mi-NZ-opac-bootstrap.po | 147 +- misc/translator/po/mi-NZ-pref.po | 12 +- misc/translator/po/mi-NZ-staff-help.po | 2 +- misc/translator/po/mi-NZ-staff-prog.po | 1451 ++-- misc/translator/po/mon-opac-bootstrap.po | 147 +- misc/translator/po/mon-pref.po | 14 +- misc/translator/po/mon-staff-help.po | 2 +- misc/translator/po/mon-staff-prog.po | 1451 ++-- misc/translator/po/mr-opac-bootstrap.po | 147 +- misc/translator/po/mr-pref.po | 16 +- misc/translator/po/mr-staff-help.po | 2 +- misc/translator/po/mr-staff-prog.po | 1451 ++-- misc/translator/po/ms-MY-opac-bootstrap.po | 149 +- misc/translator/po/ms-MY-pref.po | 14 +- misc/translator/po/ms-MY-staff-help.po | 2 +- misc/translator/po/ms-MY-staff-prog.po | 1455 ++-- misc/translator/po/nb-NO-opac-bootstrap.po | 155 +- misc/translator/po/nb-NO-pref.po | 34 +- misc/translator/po/nb-NO-staff-help.po | 2 +- misc/translator/po/nb-NO-staff-prog.po | 2893 ++++---- misc/translator/po/ne-NE-opac-bootstrap.po | 147 +- misc/translator/po/ne-NE-pref.po | 12 +- misc/translator/po/ne-NE-staff-help.po | 2 +- misc/translator/po/ne-NE-staff-prog.po | 1455 ++-- misc/translator/po/nl-BE-opac-bootstrap.po | 151 +- misc/translator/po/nl-BE-pref.po | 18 +- misc/translator/po/nl-BE-staff-help.po | 2 +- misc/translator/po/nl-BE-staff-prog.po | 1453 ++-- misc/translator/po/nl-NL-opac-bootstrap.po | 151 +- misc/translator/po/nl-NL-pref.po | 14 +- misc/translator/po/nl-NL-staff-help.po | 2 +- misc/translator/po/nl-NL-staff-prog.po | 1459 ++-- misc/translator/po/nn-NO-opac-bootstrap.po | 147 +- misc/translator/po/nn-NO-pref.po | 14 +- misc/translator/po/nn-NO-staff-help.po | 2 +- misc/translator/po/nn-NO-staff-prog.po | 1451 ++-- misc/translator/po/pbr-opac-bootstrap.po | 147 +- misc/translator/po/pbr-pref.po | 14 +- misc/translator/po/pbr-staff-help.po | 2 +- misc/translator/po/pbr-staff-prog.po | 1455 ++-- misc/translator/po/pl-PL-marc-MARC21.po | 701 +- misc/translator/po/pl-PL-marc-NORMARC.po | 40 +- misc/translator/po/pl-PL-opac-bootstrap.po | 780 ++- misc/translator/po/pl-PL-pref.po | 20 +- misc/translator/po/pl-PL-staff-help.po | 18 +- misc/translator/po/pl-PL-staff-prog.po | 1571 +++-- misc/translator/po/prs-opac-bootstrap.po | 147 +- misc/translator/po/prs-pref.po | 16 +- misc/translator/po/prs-staff-help.po | 2 +- misc/translator/po/prs-staff-prog.po | 1451 ++-- misc/translator/po/pt-BR-marc-MARC21.po | 80 +- misc/translator/po/pt-BR-opac-bootstrap.po | 286 +- misc/translator/po/pt-BR-pref.po | 20 +- misc/translator/po/pt-BR-staff-help.po | 2 +- misc/translator/po/pt-BR-staff-prog.po | 1542 +++-- misc/translator/po/pt-PT-marc-MARC21.po | 22 +- misc/translator/po/pt-PT-marc-UNIMARC.po | 16 +- misc/translator/po/pt-PT-opac-bootstrap.po | 305 +- misc/translator/po/pt-PT-pref.po | 65 +- misc/translator/po/pt-PT-staff-help.po | 312 +- misc/translator/po/pt-PT-staff-prog.po | 2178 +++--- misc/translator/po/ro-RO-opac-bootstrap.po | 147 +- misc/translator/po/ro-RO-pref.po | 14 +- misc/translator/po/ro-RO-staff-help.po | 2 +- misc/translator/po/ro-RO-staff-prog.po | 1451 ++-- misc/translator/po/ru-RU-opac-bootstrap.po | 151 +- misc/translator/po/ru-RU-pref.po | 14 +- misc/translator/po/ru-RU-staff-help.po | 2 +- misc/translator/po/ru-RU-staff-prog.po | 1454 ++-- misc/translator/po/rw-RW-opac-bootstrap.po | 147 +- misc/translator/po/rw-RW-pref.po | 12 +- misc/translator/po/rw-RW-staff-help.po | 2 +- misc/translator/po/rw-RW-staff-prog.po | 1451 ++-- misc/translator/po/sd-PK-opac-bootstrap.po | 147 +- misc/translator/po/sd-PK-pref.po | 14 +- misc/translator/po/sd-PK-staff-help.po | 2 +- misc/translator/po/sd-PK-staff-prog.po | 1455 ++-- misc/translator/po/sk-SK-opac-bootstrap.po | 157 +- misc/translator/po/sk-SK-pref.po | 38 +- misc/translator/po/sk-SK-staff-help.po | 2 +- misc/translator/po/sk-SK-staff-prog.po | 1507 ++-- misc/translator/po/sl-SI-opac-bootstrap.po | 147 +- misc/translator/po/sl-SI-pref.po | 16 +- misc/translator/po/sl-SI-staff-help.po | 2 +- misc/translator/po/sl-SI-staff-prog.po | 1451 ++-- misc/translator/po/sq-AL-opac-bootstrap.po | 147 +- misc/translator/po/sq-AL-pref.po | 14 +- misc/translator/po/sq-AL-staff-help.po | 2 +- misc/translator/po/sq-AL-staff-prog.po | 1453 ++-- misc/translator/po/sr-Cyrl-opac-bootstrap.po | 147 +- misc/translator/po/sr-Cyrl-pref.po | 14 +- misc/translator/po/sr-Cyrl-staff-help.po | 2 +- misc/translator/po/sr-Cyrl-staff-prog.po | 1459 ++-- misc/translator/po/sv-SE-marc-MARC21.po | 7293 +++++++++++++++++++- misc/translator/po/sv-SE-marc-NORMARC.po | 884 +-- misc/translator/po/sv-SE-marc-UNIMARC.po | 24 +- misc/translator/po/sv-SE-opac-bootstrap.po | 5476 ++++++++++++--- misc/translator/po/sv-SE-staff-help.po | 6471 ++++++++++++++++- misc/translator/po/sv-SE-staff-prog.po | 5028 +++++++------- misc/translator/po/sw-KE-opac-bootstrap.po | 147 +- misc/translator/po/sw-KE-pref.po | 12 +- misc/translator/po/sw-KE-staff-help.po | 2 +- misc/translator/po/sw-KE-staff-prog.po | 1451 ++-- misc/translator/po/ta-LK-opac-bootstrap.po | 147 +- misc/translator/po/ta-LK-pref.po | 16 +- misc/translator/po/ta-LK-staff-help.po | 2 +- misc/translator/po/ta-LK-staff-prog.po | 1459 ++-- misc/translator/po/ta-opac-bootstrap.po | 147 +- misc/translator/po/ta-pref.po | 12 +- misc/translator/po/ta-staff-help.po | 2 +- misc/translator/po/ta-staff-prog.po | 1459 ++-- misc/translator/po/tet-opac-bootstrap.po | 151 +- misc/translator/po/tet-pref.po | 14 +- misc/translator/po/tet-staff-help.po | 2 +- misc/translator/po/tet-staff-prog.po | 1459 ++-- misc/translator/po/th-TH-opac-bootstrap.po | 147 +- misc/translator/po/th-TH-pref.po | 14 +- misc/translator/po/th-TH-staff-help.po | 2 +- misc/translator/po/th-TH-staff-prog.po | 1459 ++-- misc/translator/po/tl-PH-opac-bootstrap.po | 155 +- misc/translator/po/tl-PH-pref.po | 16 +- misc/translator/po/tl-PH-staff-help.po | 2 +- misc/translator/po/tl-PH-staff-prog.po | 1455 ++-- misc/translator/po/tr-TR-opac-bootstrap.po | 157 +- misc/translator/po/tr-TR-pref.po | 36 +- misc/translator/po/tr-TR-staff-help.po | 2 +- misc/translator/po/tr-TR-staff-prog.po | 1498 ++-- misc/translator/po/uk-UA-opac-bootstrap.po | 151 +- misc/translator/po/uk-UA-pref.po | 16 +- misc/translator/po/uk-UA-staff-help.po | 2 +- misc/translator/po/uk-UA-staff-prog.po | 1454 ++-- misc/translator/po/ur-Arab-opac-bootstrap.po | 147 +- misc/translator/po/ur-Arab-pref.po | 14 +- misc/translator/po/ur-Arab-staff-help.po | 2 +- misc/translator/po/ur-Arab-staff-prog.po | 1455 ++-- misc/translator/po/vi-VN-opac-bootstrap.po | 147 +- misc/translator/po/vi-VN-pref.po | 20 +- misc/translator/po/vi-VN-staff-help.po | 2 +- misc/translator/po/vi-VN-staff-prog.po | 1459 ++-- misc/translator/po/zh-Hans-CN-opac-bootstrap.po | 147 +- misc/translator/po/zh-Hans-CN-pref.po | 20 +- misc/translator/po/zh-Hans-CN-staff-help.po | 2 +- misc/translator/po/zh-Hans-CN-staff-prog.po | 1457 ++-- misc/translator/po/zh-Hans-TW-marc-MARC21.po | 16 +- misc/translator/po/zh-Hans-TW-marc-NORMARC.po | 8 +- misc/translator/po/zh-Hans-TW-marc-UNIMARC.po | 56 +- misc/translator/po/zh-Hans-TW-opac-bootstrap.po | 299 +- misc/translator/po/zh-Hans-TW-pref.po | 294 +- misc/translator/po/zh-Hans-TW-staff-help.po | 384 +- misc/translator/po/zh-Hans-TW-staff-prog.po | 2107 +++--- opac/opac-tags_subject.pl | 4 +- reports/borrowers_out.pl | 41 +- t/db_dependent/Auth.t | 35 +- 324 files changed, 87524 insertions(+), 66270 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 09:30:42 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 07:30:42 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.00-84-gf9b7f93 Message-ID: <E1Z7IfK-0002SL-Kk@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via f9b7f93356ebe6c980eadb773124a661020fdf7b (commit) from a02942329b1ec7ddd4cdf7791fb209e3ab070fe5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f9b7f93356ebe6c980eadb773124a661020fdf7b Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Tue Jun 23 19:32:51 2015 +1200 Release notes, txt format ----------------------------------------------------------------------- Summary of changes: misc/release_notes/release_notes_3_20_1.txt | 346 +++++++++++++++++++++++++++ 1 file changed, 346 insertions(+) create mode 100644 misc/release_notes/release_notes_3_20_1.txt hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 09:36:49 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 07:36:49 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01 Message-ID: <E1Z7IlF-0002Xg-Q0@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 2e22ae198cf5867ed4bcb96539cebcaf9085b334 (commit) from f9b7f93356ebe6c980eadb773124a661020fdf7b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2e22ae198cf5867ed4bcb96539cebcaf9085b334 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Tue Jun 23 19:37:51 2015 +1200 Bumping version number ----------------------------------------------------------------------- Summary of changes: Koha.pm | 2 +- installer/data/mysql/updatedatabase.pl | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 09:36:50 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 07:36:50 +0000 Subject: [koha-commits] main Koha release repository annotated tag v3.20.01 created. v3.20.01 Message-ID: <E1Z7IlG-0002Y5-40@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The annotated tag, v3.20.01 has been created at ae05f7b31b99d37f66b9946c70d117274724f47f (tag) tagging 2e22ae198cf5867ed4bcb96539cebcaf9085b334 (commit) replaces v3.20.00 tagged by Chris Cormack on Tue Jun 23 19:38:36 2015 +1200 - Log ----------------------------------------------------------------- Koha Release 3.20.01 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABCAAGBQJViQz8AAoJEG5T+NVYEYs1rG0P/jenpMZ2vNLhwZBtrVqh9Mn0 VO5ZYmZPONlaLDjCof77eAUmR0ZkbvIPYuIwkBTpYZviagYpKX+k2pPHllJ94znb FmZ9w37GNXdL5fRgjF6HQM2Z5KdXME7lqz1pXY434oY8Ejtdh2Z/jUeYLvs8C5Ni g5OsexUncJE4EmnDe3EmCMkSiyo37TsDXNJksau+BYmW230gA0r0OpaYbwoHA5QY kJM2RU1znThPUryNwiquIBhpxpJf9MPFEI+QQ3tPz1LPcDMgi1f0VJ7e2B7ulbI2 KmlEzTK+k004ffaLhVxHpv4qlfcncOpGFJLwkCu41P3ZAeKN/+8x5oL/IiWDxc6L RANXZVrj8ywgjCkzd9KXsoLzZgSkoDprOKfNvcGKxBQ29k7zVJtuOx6GOoQBWcRv AnxooiUQLyPVkmIwDfRm+BCXHtAlbwDuti9p92DtqcE53Iili/gYYCordut7q8LM MrlY4/1VAJiHOCj4TZDvGo7TPTgLEY5h4naekrFju9p0MuFG5LyTKfqj1XDFQV0T EdE1I++3YUaQfy9smD72kNqyGCbn+LAW5o3FBcHIIApDAPBBDfkDsvs3CjiG4uAp yqur5Cq3H+PxfdZ2S1UYQWYJKLJmkUI3G/6OXZestOMEa+9vA8pwgJUbto7TmX/H 8Ee1zf1/DdTst5NMqX8c =U3KY -----END PGP SIGNATURE----- Aleisha (5): Bug 14186: Undefined $reservedfor causes warn in opac-reserve.pl Bug 14185: Undefined $limit causes warn in opac/opac-readingrecord.pl Bug 14184: Undefined $term causes noisy warns in C4/CourseReserves.pm Bug 14360: Unescaped variable causes alert Bug 14360: Unescaped variable causes alert pop-up Bernardo Gonzalez Kriegel (6): Bug 12176: Remove HTML from additem.pl Bug 14275: Remove CGI::scrolling_list from guided_reports.pl Bug 14279: Remove CGI::scrolling_list from issues_avg_stats.pl Bug 14285: Bengali locale needs to be re-defined Bug 14173: Paging on 'recent comments' page in OPAC is not displaying correctly Translation updates for Koha 3.20.1 release Chris (7): Bug 14408: Path Traversal error Bug 14423 : XSS in authorities-home Bug 14423 : XSS bug in lateorders Bug 14423 XSS bug in auth_subfields_structure Bug 14423 : XSS bugs in catalogue search Bug 14423 : Multiple XSS vulnerabilities in serials-search Bug 14423 : Multiple XSS bugs in suggestion.pl Chris Cormack (11): Updating version to 3.20.00.001 Bug 5010 : Updating database to 3.20.00.002 Bug 14416: Stored XSS vulnerability Bug 14416: Stored XSS vulnerability Bug 14418: XSS Vulnerabilities in OPAC search Bug 14418: XSS flaw in opac-shelves.pl Bug 14418: More XSS vulnerabilities in opac-shelves.pl Bug 14412: SQL injection possible Tranlsation updates Release notes, txt format Bumping version number David Cook (2): Bug 14266: Replace trim() with $.trim() in opac-shareshelf.tt Bug 14265 - Use $.trim instead of trim() in admin/categorie.tt Dobrica Pavlinusic (1): Bug 13815 - plack loose CGI qw(-utf8) flag creating incorrect utf-8 encoding everywhere Indranil Das Gupta (4): Bug 14186 [QA Followup]: Undefined $reservedfor causes warn in opac-reserve.pl Bug 14203: Message for non-existent lang removal Bug 14206: Adds delete function for non email templates Bug 14206: Adds test for getletter() call from overdue_notices.pl Jonathan Druart (18): Bug 14266: Trim the email address in the pl script Bug 5010: Fix - replace tab with spaces Bug 12320: Remove deprecated construct to delete cookie holdfor Bug 12320: Remove deprecated construct to delete cookie showColumns Bug 14263: Fix export of item search results when translated Bug 13662: Fix the serials.receive_serials permissions Bug 11790: Remove dependency C4::Context from C4::Charset Bug 10355: paramater 'object' lost on the road Bug 14256: (follow-up) Check for unique constraint to regenerate random data Bug 13265: Use sessionStorage to store searches instead of cookies Bug 9314: Remove useless code related to the type_only parameter Bug 13970: Remove category_type related code Bug 11941: Add link to patron lists from the patron home page Bug 14416: (follow-up) opac addbybilionumber Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet) Bug 14408: Add tests to get_template_and_user Bug 14408: Allow integers in template paths Bug 14426: Escape or use placeholders for sql parameters Josef Moravec (1): Bug 13656: "Change"/"Set to patron" button for linking a member to an organisation (or child to guarantor) not translatable Katrin Fischer (5): Bug 14130: Update columns.def Bug 13946: Change order status 'Pending' to 'Ordered' Bug 14269: OPAC: Some template improvements for the full serial history page Bug 14350: Missing statement in kohastructure.sql - DROP TABLE IF EXISTS borrower_sync Bug 14351: Remove given-when from opac-search.pl Kyle M Hall (4): Bug 12066: New renew page in staff client doesn't record branch in statistics Bug 14142 - Holds queue viewer only displays first subtitle from marc keyword mappings Bug 14299: Today's checkouts not always sorting correctly Bug 14338: Unable to delete patron images Magnus Enger (1): Bug 14025: Fix 865u-links in the OPAC for NORMARC Marc V?ron (3): Bug 11929: patron modification error shows borrowernumber Bug 14313: OPAC - Adding a comment makes result browser disappear Bug 14314: System Preferences: Better explanation for syspref 'ShowReviewerPhoto' Marcel de Rooy (8): Bug 12176: [QA Follow-up] Small additem adjustments Bug 12176: [QA Follow-up] Capitalization typo after eleventh hour Bug 12176: Fix for missing field_value in select Bug 14267: How active is active? Bug 14276: Keep highlight on the active item in item editor Bug 14327: Fix js error "TypeError: events is null" in additem.js Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText Bug 14330: Remove unused email_sender from sendbasket/sendshelf Mark Tompsett (4): Bug 14112: Silence warnings in t/Charset.t Bug 14325: Test calls C4::Context::set_userenv Bug 5010: Fix OPACBaseURL to include protocol Bug 10625: Inventory/Stocktaking tool cannot handle windows file uploads Nicole C. Engard (1): Bug 14291: Fix OpacExportOptions text Tomas Cohen Arazi (3): (RM followup) .mailmap updates Bug 14344: uninitialized value warning C4/Utils/DataTables/Members.pm Bug 14256: Check for unique constraint to regenerate random data Zeno Tajoli (1): Bug 14047: Order z39.50 biblioservers in cataloguing ----------------------------------------------------------------------- hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 10:57:55 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 08:57:55 +0000 Subject: [koha-commits] main Koha release repository branch 3.18.x updated. v3.18.07-65-ga55fd07 Message-ID: <E1Z7K1j-00031k-KA@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.18.x has been updated via a55fd078e907209fb6b588372814909f7e478fab (commit) via e4ec3edf8a952a371a57e9bd6fb1cb2d7956322d (commit) via 814f22e7947bc36a28ebf96418bfce6363414677 (commit) via adc35d736e676746402c5cce5c9c3fe8af68fb01 (commit) via 3e86cb1711dc4bb95c3f3258621fb5b2552ae771 (commit) via b847e4e6d111d3e5e6e115d6f6bd290ef124e13b (commit) via 5de675274633eefed59b95ae3176afcce2c7801d (commit) via e21bf78b8b073d568998da32acb64cae9d4f4edd (commit) via 308c4c4d4685e05f6d6e763bfa785d78f230010b (commit) via eb964ffc9c9974169b4056a8fa937c65a35d8a1d (commit) via 51cd2262c1548c8adaf213d1160d36dd3c1b1980 (commit) via 794fb09fac40408e12504fb67337299e0b30abe9 (commit) via 96047dba2c8f97e5582277b88e047534babe1761 (commit) via 1cc1a9588a26eca84dd4014fde8454107598eb8e (commit) via f462209e86e30e8ea23da67fb367c77c6d33be88 (commit) via 5b03b9716b762a1930aa5d298a163fef7fb76992 (commit) via 358e8e889d8a02d55210d353cd01bbf35d1ddc15 (commit) via 611df7517a2f1fa58c6780463ff56253d908a23d (commit) via 0cba81194f86b1b7fbea9d2ab48fe8c995a3c247 (commit) via a1e0768ceb728f0019086050837884d29e498dfe (commit) from bea822e6333ea3c7038b26619a0b75a62d5e6496 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit a55fd078e907209fb6b588372814909f7e478fab Author: Liz Rea <wizzyrea at gmail.com> Date: Tue Jun 23 20:27:09 2015 +1200 Revert "Bug 13815 - plack loose CGI qw(-utf8) flag creating incorrect utf-8 encoding everywhere" This reverts commit af127c124f1575a96cc3efca7eff0ef9135e88e6. Oops. commit e4ec3edf8a952a371a57e9bd6fb1cb2d7956322d Merge: bea822e 814f22e Author: Liz Rea <wizzyrea at gmail.com> Date: Tue Jun 23 13:41:22 2015 +1200 Merge branch 'security-3.18.x' into rmaint-3.18.x commit 814f22e7947bc36a28ebf96418bfce6363414677 Author: Liz Rea <wizzyrea at gmail.com> Date: Tue Jun 23 13:40:56 2015 +1200 Increment version for 3.18.8 release Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit adc35d736e676746402c5cce5c9c3fe8af68fb01 Author: Liz Rea <wizzyrea at gmail.com> Date: Tue Jun 23 13:28:38 2015 +1200 Update release notes for 3.18.8 release Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 3e86cb1711dc4bb95c3f3258621fb5b2552ae771 Author: Liz Rea <wizzyrea at gmail.com> Date: Tue Jun 23 12:37:09 2015 +1200 Bug 14423 - tab characters in auth_subfields_structure commit b847e4e6d111d3e5e6e115d6f6bd290ef124e13b Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:35:07 2015 +0000 Bug 14423 : Multiple XSS bugs in suggestion.pl To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to= 2/ Notice alert box(es) 3/ Apply patch 4/ Reload and notice alert is gone Repeat for collection_title copyrightdate isbn manageddate_from manageddate_to publishercode suggesteddate_from suggesteddate_to Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 5de675274633eefed59b95ae3176afcce2c7801d Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:20:51 2015 +0000 Bug 14423 : Multiple XSS vulnerabilities in serials-search To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter= 2/ Notice alert boxes 3/ Apply patch 4/ Reload, notice fixed Repeat for callnumber_filter EAN_filter ISSN_filter publisher_filter title_filter Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit e21bf78b8b073d568998da32acb64cae9d4f4edd Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:01:32 2015 +0000 Bug 14423 : XSS bugs in catalogue search To test 1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice alert boxes 3/ Apply patch 4/ Reload url, no alerts 5/ Check search still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 308c4c4d4685e05f6d6e763bfa785d78f230010b Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:46:40 2015 +0000 Bug 14423 : XSS issues in marc_subfields_structure 1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice all the alert boxes 3/ Apply patch 4/ Reload page, no more alerts 5/ Test functionality still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit eb964ffc9c9974169b4056a8fa937c65a35d8a1d Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:33:13 2015 +0000 Bug 14423 XSS bug in auth_subfields_structure 1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/auth_subfields_structure.pl?op=add_form&authtypecode=%27%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice a ton of alert boxes pop up 3/ Apply patch 4/ Reload url, no longer get any alerts 5/ Test fuctionality still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 51cd2262c1548c8adaf213d1160d36dd3c1b1980 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:18:20 2015 +0000 Bug 14423 : XSS bug in lateorders 1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom 2/ Not you get an alert box 3/ Apply patch notice it is fixed 4/ Test functionality still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 794fb09fac40408e12504fb67337299e0b30abe9 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:10:20 2015 +0000 Bug 14423 : XSS in authorities-home To test: 1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice you get 3 alert boxes 3/ Apply patch 4/ Hit the url again, no js Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 96047dba2c8f97e5582277b88e047534babe1761 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Mon Jun 22 10:56:26 2015 +0200 Bug 14426: Escape or use placeholders for sql parameters Does this patch enough to prevent sql injection in borrowers_out.pl? ==================================================================== 1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil') ==================================================================== echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')" | nc testbox 9002 echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=1,'evil')" | nc testbox 9002 ==================================================================== 2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b ==================================================================== echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='a" | nc testbox 9002 echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='b" | nc testbox 9002 ==================================================================== Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit 1cc1a9588a26eca84dd4014fde8454107598eb8e Author: Chris <chris at bigballofwax.co.nz> Date: Mon Jun 22 05:23:52 2015 +0000 Bug 14408 Path Traversal error Counter counter patch Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt and not allowing ../etc Note the previous patch tries to protect against /etc/passwd but //etc/passwd is now vulnerable. I do think a whitelist is safer than trying to do a blacklist /cgi-bin/koha/svc/virtualshelves/search /cgi-bin/koha/svc/members/search Are vulnerable To test: 1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt Notice you get a valid JSON response 2/ Hit /search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd (You may have add more ..%2f or remove them to get the correct path) Notice you can see the contents of the /etc/passwd file 3/ Hit /cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4/ Apply patch 5/ Hit the first url again, notice it still works 6/ Hit the second url notice it now errors with a file not found 7/ Hit the third url notice it now errors with a file not found Repeat for the other script also Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit f462209e86e30e8ea23da67fb367c77c6d33be88 Author: Liz Rea <wizzyrea at gmail.com> Date: Tue Jun 23 09:57:18 2015 +1200 Revert "Bug 14408 Path traversal vulnerability" This reverts commit a1e0768ceb728f0019086050837884d29e498dfe. commit 5b03b9716b762a1930aa5d298a163fef7fb76992 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:41:45 2015 +1200 Bug 14418 : More XSS vulnerabilities in opac-shelves.pl To test: 1/ Hit a url like /cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh noes')</script> Where the id is a valid shelf id 2/ Notice the js is executed 3/ Apply patch 4/ Reload page 5/ Notice input is now escaped on display Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Tested in Debian, couldn't reproduce the alert in Iceweasel, but in Chromium. Patch fixes it. commit 358e8e889d8a02d55210d353cd01bbf35d1ddc15 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:30:22 2015 +1200 Bug 14418 : XSS flaw in opac-shelves.pl To test: 1/ Create a list and add at least one item to it 2/ Hit a url like http://192.168.2.18/cgi-bin/koha/opac-shelves.pl?viewshelf=7&sort=author&direction=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E Where the shelf id is the number of the list you created, notice the js is executed 3/ Apply the patch 4/ Reload the page notice the js is now escaped Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> commit 611df7517a2f1fa58c6780463ff56253d908a23d Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 09:25:22 2015 +1200 Bug 14418 XSS Vulnerabilities Fix for /cgi-bin/koha/opac-search.pl To test 1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script src='http://cst.sba-research.org/x.js'/>&q=a 2/ Notice the js is executed 3/ Apply patch 4/ Reload page, notice it is no longer executed 5/ Test the rss links work still Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Confirmed bug and that the patch fixes it. commit 0cba81194f86b1b7fbea9d2ab48fe8c995a3c247 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 08:35:07 2015 +1200 Bug 14412 : SQL injection possible There is a SQL Injection vulnerability in the /cgi-bin/koha/opac-tags_subject.pl script. By manipulating the variable 'number', the database can be accessed via time-based blind injections. The following string serves as an example: /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) To exploit the vulnerability, no authentication is needed To test 1/ Turn on mysql query logging 2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 3/ Check the logs notice something like SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 PROCEDURE ANALYSE (EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 4/ Apply patch 5/ Hit the url again 6/ Notice the log now only has SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Confirmed the problem and the fix for it. Signed-off-by: Liz Rea <wizzyrea at gmail.com> commit a1e0768ceb728f0019086050837884d29e498dfe Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 10:12:45 2015 +0200 Bug 14408 Path traversal vulnerability /cgi-bin/koha/svc/virtualshelves/search /cgi-bin/koha/svc/members/search Are vulnerable To test: 1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt Notice you get a valid JSON response 2/ Hit /search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd (You may have add more ..%2f or remove them to get the correct path) Notice you can see the contents of the /etc/passwd file 3/ Hit /cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4/ Apply patch 5/ Hit the first url again, notice it still works 6/ Hit the second url notice it now errors with a file not found 7/ Hit the third url notice it now errors with a file not found Repeat for the other script also Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 3 + C4/Koha.pm | 2 +- installer/data/mysql/updatedatabase.pl | 7 +- .../prog/en/includes/authorities-search.inc | 6 +- .../prog/en/modules/acqui/lateorders.tt | 6 +- .../en/modules/admin/auth_subfields_structure.tt | 28 +-- .../en/modules/admin/marc_subfields_structure.tt | 28 +-- .../prog/en/modules/catalogue/results.tt | 6 +- .../prog/en/modules/serials/serials-search.tt | 26 +- .../prog/en/modules/suggestion/suggestion.tt | 22 +- .../opac-tmpl/bootstrap/en/modules/opac-results.tt | 4 +- .../opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 4 +- kohaversion.pl | 2 +- misc/plack/koha.psgi | 12 - ...e_notes_3_18_2.txt => release_notes_3_18_8.txt} | 250 ++++++++++---------- opac/opac-tags_subject.pl | 4 +- reports/borrowers_out.pl | 41 ++-- 17 files changed, 228 insertions(+), 223 deletions(-) copy misc/release_notes/{release_notes_3_18_2.txt => release_notes_3_18_8.txt} (51%) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 10:58:13 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 08:58:13 +0000 Subject: [koha-commits] main Koha release repository annotated tag v3.18.08 created. v3.18.08 Message-ID: <E1Z7K21-00033C-O0@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The annotated tag, v3.18.08 has been created at 77c566779d144dad4e04bf39436cd3c432b5a7fd (tag) tagging e4ec3edf8a952a371a57e9bd6fb1cb2d7956322d (commit) replaces v3.18.07 tagged by Liz Rea on Tue Jun 23 13:46:28 2015 +1200 - Log ----------------------------------------------------------------- Koha release 3.18.08 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJViLp0AAoJEBuNTiU1Z9kHCwoP/168f9AZoQHrc0jofFS9GqAo ovpM8YeLqOvr3N3z+gQLhqHE9NaAt+bajo4BkuuTNkTQFtAbqIG72m+WER8uUyXk rAUj+hPcoRTveUZWAEDyTAxrKSWSgf+6XR2BfPX8LJH2pGxq+oEwsXRANoxOTVZk cCZon0kjAkWajc6V6z81dqH0TA7S79aXZNTlX+00cRJYF8sIklKUIQGao8r89oiB HeVh7cr/BICX+9Ypb92+/WiynpJrxUNmUY2VhOCHt2qUUgQsslepi6BjnKeyZ3VY 1fBaHIVwVnJmXBp/ZlgyesYvWphrL27fOOnVy1uGjXg71tbPUW7HZDnoUkJRdacm EFoAQJ1Lp/skERqUJhWzeDy/FAH3OKWFYEwoGJiYU94wXgbgyrAxs7pZ+7tlcSlX bE5KcmVFZRSXjYzcdPNleYgbc0+ed98wtoSi1pKXu6zn0zXPrR7BdM8zuPJq8YLW 3hb84cc13nHzeWfL7iArHWMCvkkMWT1qM9xebP31NH8GBcayiUQ4JHk3qfK9pTMQ DputWQKJ+/VvDYf/ZXTLGLb9je7MFev56UNxkUcAU7oUGvTabu+eNEaCrqlK8d6J pRGbvKMbLdTxW1ztuGdxJWdQ+9XGBvEO0nTxPu1c3+Un56SZTRn9wn6sJyE1xeFB UWVPUqFlhQ+qxBV/NQAt =t7KL -----END PGP SIGNATURE----- Aleisha (5): Bug 14186: Undefined $reservedfor causes warn in opac-reserve.pl Bug 14185: Undefined $limit causes warn in opac/opac-readingrecord.pl Bug 14184: Undefined $term causes noisy warns in C4/CourseReserves.pm Bug 14360: Unescaped variable causes alert Bug 14360: Unescaped variable causes alert pop-up Bernardo Gonzalez Kriegel (5): Bug 14275: Remove CGI::scrolling_list from guided_reports.pl Bug 14279: Remove CGI::scrolling_list from issues_avg_stats.pl Bug 14285: Bengali locale needs to be re-defined Bug 14173: Paging on 'recent comments' page in OPAC is not displaying correctly Translation updates for Koha 3.18.08 release Chris (8): Bug 14408 Path Traversal error Bug 14423 : XSS in authorities-home Bug 14423 : XSS bug in lateorders Bug 14423 XSS bug in auth_subfields_structure Bug 14423 : XSS issues in marc_subfields_structure Bug 14423 : XSS bugs in catalogue search Bug 14423 : Multiple XSS vulnerabilities in serials-search Bug 14423 : Multiple XSS bugs in suggestion.pl Chris Cormack (4): Bug 14412 : SQL injection possible Bug 14418 XSS Vulnerabilities Bug 14418 : XSS flaw in opac-shelves.pl Bug 14418 : More XSS vulnerabilities in opac-shelves.pl David Cook (2): Bug 14266: Replace trim() with $.trim() in opac-shareshelf.tt Bug 14265 - Use $.trim instead of trim() in admin/categorie.tt Dobrica Pavlinusic (1): Bug 13815 - plack loose CGI qw(-utf8) flag creating incorrect utf-8 encoding everywhere Indranil Das Gupta (4): Bug 14186 [QA Followup]: Undefined $reservedfor causes warn in opac-reserve.pl Bug 14203: Message for non-existent lang removal Bug 14206: Adds delete function for non email templates Bug 14206: Adds test for getletter() call from overdue_notices.pl Jonathan Druart (7): Bug 14266: Trim the email address in the pl script Bug 11790: Remove dependency C4::Context from C4::Charset Bug 10355: paramater 'object' lost on the road Bug 13265: Use sessionStorage to store searches instead of cookies Bug 11941: Add link to patron lists from the patron home page Bug 14408 Path traversal vulnerability Bug 14426: Escape or use placeholders for sql parameters Katrin Fischer (3): Bug 14130: Update columns.def Bug 13946: Change order status 'Pending' to 'Ordered' Bug 14350: Missing statement in kohastructure.sql - DROP TABLE IF EXISTS borrower_sync Kyle M Hall (3): Bug 12066: New renew page in staff client doesn't record branch in statistics Bug 14299: Today's checkouts not always sorting correctly Bug 14338: Unable to delete patron images Liz Rea (7): Revert "Bug 14112: Silence warnings in t/Charset.t" Updating database to version 3.18.07.001 Revert "Bug 14408 Path traversal vulnerability" Bug 14423 - tab characters in auth_subfields_structure Update release notes for 3.18.8 release Increment version for 3.18.8 release Merge branch 'security-3.18.x' into rmaint-3.18.x Magnus Enger (1): Bug 14025: Fix 865u-links in the OPAC for NORMARC Marc V?ron (2): Bug 11929: patron modification error shows borrowernumber Bug 14314: System Preferences: Better explanation for syspref 'ShowReviewerPhoto' Marcel de Rooy (4): Bug 14276: Keep highlight on the active item in item editor Bug 14327: Fix js error "TypeError: events is null" in additem.js Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText Bug 14330: Remove unused email_sender from sendbasket/sendshelf Mark Tompsett (3): Bug 14112: Silence warnings in t/Charset.t Bug 14112: Silence warnings in t/Charset.t Bug 10625: Inventory/Stocktaking tool cannot handle windows file uploads Robin Sheat (2): Bug 14106: fill up the zebra config with a list of modulePaths Bug 14106: patch existing zebra configs with new modulePath Tomas Cohen Arazi (2): Bug 14106: (QA followup) avoid failures if no instances created Bug 14344: uninitialized value warning C4/Utils/DataTables/Members.pm Zeno Tajoli (1): Bug 14047: Order z39.50 biblioservers in cataloguing ----------------------------------------------------------------------- hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 11:10:59 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 09:10:59 +0000 Subject: [koha-commits] main Koha release repository branch 3.18.x updated. v3.18.08-2-gc4d16bb Message-ID: <E1Z7KEN-00039V-Ke@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.18.x has been updated via c4d16bba029e3065a763d093cf8614bea5d849ed (commit) from a55fd078e907209fb6b588372814909f7e478fab (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c4d16bba029e3065a763d093cf8614bea5d849ed Author: Liz Rea <wizzyrea at gmail.com> Date: Tue Jun 23 21:13:13 2015 +1200 Minor release note update ----------------------------------------------------------------------- Summary of changes: misc/release_notes/release_notes_3_18_8.txt | 36 +++++++++++++++++++-------- 1 file changed, 25 insertions(+), 11 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 11:23:09 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 09:23:09 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-6-g4631b30 Message-ID: <E1Z7KQ9-0003Im-WA@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via 4631b30b2fa4d379a09db4b7822753ade29b6df8 (commit) via 421a60165cd0125faf0d60e2e10701fa611d474b (commit) via 1eb576ec759da21cc5abe8217ae98303101afd6a (commit) from 314f4696e2612b051968dcb42cf9cc613ad0361c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4631b30b2fa4d379a09db4b7822753ade29b6df8 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 11:21:56 2015 +0200 Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet) Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 542b06f065bf550a2a625bbfb34ce73bb65d01a1) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit afb00d13904052c71497834761e81996bc5f3d36) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit 421a60165cd0125faf0d60e2e10701fa611d474b Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 11:21:47 2015 +0200 Bug 14416: (follow-up) opac addbybilionumber Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit abd2bc99e886c11fa9abe15ef01c3298d00757cb) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit 1ba766f200fd693665e942d9bee86c327893a9bb) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit 1eb576ec759da21cc5abe8217ae98303101afd6a Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:26:02 2015 +1200 Bug 14416: Stored XSS vulnerability opac-addbybiblionumber.pl is also vulnerable because it doesn't escape list names. To test 1/ Create a malicious list name 2/ Try to add a biblio to the lists 3/ Notice js is excuted 4/ Apply patch 5/ Test again Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit fb51a4bb0f3ac8b42b53579fe3d6d73d0b3438cd) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit 20910660a27f61307153afa05c13d67b1b5e91af) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> ----------------------------------------------------------------------- Summary of changes: .../prog/en/modules/virtualshelves/addbybiblionumber.tt | 8 ++++---- .../opac-tmpl/bootstrap/en/modules/opac-addbybiblionumber.tt | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 11:26:07 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 09:26:07 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-7-g3e6ad12 Message-ID: <E1Z7KT1-0003LE-7P@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via 3e6ad12ee87e8905f042091ae5d324524412f5d0 (commit) from 4631b30b2fa4d379a09db4b7822753ade29b6df8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3e6ad12ee87e8905f042091ae5d324524412f5d0 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 08:35:07 2015 +1200 Bug 14412: SQL injection possible There is a SQL Injection vulnerability in the /cgi-bin/koha/opac-tags_subject.pl script. By manipulating the variable 'number', the database can be accessed via time-based blind injections. The following string serves as an example: /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) To exploit the vulnerability, no authentication is needed To test 1/ Turn on mysql query logging 2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 3/ Check the logs notice something like SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 PROCEDURE ANALYSE (EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 4/ Apply patch 5/ Hit the url again 6/ Notice the log now only has SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Confirmed the problem and the fix for it. Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 57b01fb655955ac630d6018d03f4d134e7e3e25a) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit b414b22bf063d58e0e2255a648097cf9111ab445) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> ----------------------------------------------------------------------- Summary of changes: opac/opac-tags_subject.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 11:36:55 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 09:36:55 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-9-gb5a0d0a Message-ID: <E1Z7KdT-0003Sk-6I@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via b5a0d0a72b2f7ee263184ec98a7ce1dd14b26315 (commit) via 47daa3e4a8f0e71585957ccffa1f7ed1ea62df6c (commit) from 3e6ad12ee87e8905f042091ae5d324524412f5d0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b5a0d0a72b2f7ee263184ec98a7ce1dd14b26315 Author: Aleisha <aleishaamohia at hotmail.com> Date: Tue Jun 9 02:02:55 2015 +0000 Bug 14360: Unescaped variable causes alert pop-up To test: 1) Create a list in the OPAC, name it: <script>alert('Hello');</script> 2) Delete the list 3) Confirm deletion 4) See the alert say 'Hello' 5) Apply patch 6) Recreate list with same name 7) Delete list 8) Confirm deletion and alert no longer pops up Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 9bef8f8738492564af7da78cba841366c70ada3c) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit cab96a3c8c4cf1827bf3350107e82da75b8b8856) commit 47daa3e4a8f0e71585957ccffa1f7ed1ea62df6c Author: Aleisha <aleishaamohia at hotmail.com> Date: Mon Jun 8 02:30:23 2015 +0000 Bug 14360: Unescaped variable causes alert Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert. To test: 1) Go to URL such as ... /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 2) Notice pop-up box with alert 3) Apply patch, refresh page 4) Notice alert is gone Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at gmail.com> (cherry picked from commit 9e920f7479df6d36db3e3450d6e6c2524fa9fe56) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit ff0281d40ad9bcff563a595082b051dd4304ffc2) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> Conflicts: koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authoritiessearchresultlist.tt ----------------------------------------------------------------------- Summary of changes: .../bootstrap/en/modules/opac-authoritiessearchresultlist.tt | 6 +++--- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 11:51:29 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 09:51:29 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-11-gb9ebf70 Message-ID: <E1Z7KrZ-0003al-NT@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via b9ebf70d9583d761d8db9eaf503ebe9498bc01e0 (commit) via f62614fc091ba5b929189d12be10eae2643357d7 (commit) from b5a0d0a72b2f7ee263184ec98a7ce1dd14b26315 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b9ebf70d9583d761d8db9eaf503ebe9498bc01e0 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:41:45 2015 +1200 Bug 14418: More XSS vulnerabilities in opac-shelves.pl To test: 1/ Hit a url like /cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh noes')</script> Where the id is a valid shelf id 2/ Notice the js is executed 3/ Apply patch 4/ Reload page 5/ Notice input is now escaped on display Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Tested in Debian, couldn't reproduce the alert in Iceweasel, but in Chromium. Patch fixes it. Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit cd4c959f7226b060f683f5571f030cc2df7539ca) (cherry picked from commit f9569612b65798dce457b5650a5b5162b80b12e8) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit f62614fc091ba5b929189d12be10eae2643357d7 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 09:25:22 2015 +1200 Bug 14418: XSS Vulnerabilities in OPAC search Fix for /cgi-bin/koha/opac-search.pl To test 1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script src='http://cst.sba-research.org/x.js'/>&q=a 2/ Notice the js is executed 3/ Apply patch 4/ Reload page, notice it is no longer executed 5/ Test the rss links work still Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Confirmed bug and that the patch fixes it. Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 45dd7754019e8f525c8d52bf33c41016e5ccbfab) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit 21cc992e7e5a35ccf1b7614cae638c9863e2a35f) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> Conflicts: koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt ----------------------------------------------------------------------- Summary of changes: koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt | 6 +++--- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 14:16:05 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 12:16:05 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-15-g4e1b447 Message-ID: <E1Z7N7V-0004dl-QH@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via 4e1b447b4cd9e4781b03fbf78fe027ca80580a33 (commit) via 253b6f1f51cc73f36829658be5c8d905b2e36909 (commit) via 656b2dc36c324b7368c4541ff6288c9451a774bb (commit) via 2870086da0070dad38bdb4a22be9e07dd1c8c713 (commit) from b9ebf70d9583d761d8db9eaf503ebe9498bc01e0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 4e1b447b4cd9e4781b03fbf78fe027ca80580a33 Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 14:09:06 2015 +0200 Bug 14408: Allow tmpl and empty in template paths commit 253b6f1f51cc73f36829658be5c8d905b2e36909 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Mon Jun 22 10:24:51 2015 +0200 Bug 14408: Allow integers in template paths Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> (cherry picked from commit 64e47c63dc59669c3c651b93630c470e06107fd6) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit beedae80631f0f34be341274ee63c6b0aeeb75d6) Conflicts: C4/Auth.pm t/db_dependent/Auth.t commit 656b2dc36c324b7368c4541ff6288c9451a774bb Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 10:25:30 2015 +0200 Bug 14408: Add tests to get_template_and_user Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> (cherry picked from commit 5dd7c8f0d5fae67ea6177fdbac77a04f70661864) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit bb5f6b4bfa20800ab36fdf899838e8adb18089dd) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> Conflicts: t/db_dependent/Auth.t commit 2870086da0070dad38bdb4a22be9e07dd1c8c713 Author: Chris <chris at bigballofwax.co.nz> Date: Mon Jun 22 05:23:52 2015 +0000 Bug 14408: Path Traversal error Counter counter patch Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt and not allowing ../etc Note the previous patch tries to protect against /etc/passwd but //etc/passwd is now vulnerable. I do think a whitelist is safer than trying to do a blacklist /cgi-bin/koha/svc/virtualshelves/search /cgi-bin/koha/svc/members/search Are vulnerable To test: 1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt Notice you get a valid JSON response 2/ Hit /search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd (You may have add more ..%2f or remove them to get the correct path) Notice you can see the contents of the /etc/passwd file 3/ Hit /cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4/ Apply patch 5/ Hit the first url again, notice it still works 6/ Hit the second url notice it now errors with a file not found 7/ Hit the third url notice it now errors with a file not found Repeat for the other script also Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> (cherry picked from commit 5a7f459290326e1cea8460bb0817492340dd4150) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit 364de7531c7b0ac604d396e3af1c84f674e7221e) Conflicts: C4/Auth.pm ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 3 +++ t/db_dependent/Auth.t | 35 ++++++++++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 1 deletion(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 14:23:04 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 12:23:04 +0000 Subject: [koha-commits] main Koha release repository branch 3.16.x updated. v3.16.11-20-gb8443a3 Message-ID: <E1Z7NEG-0004iA-1e@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.16.x has been updated via b8443a35f66f0122b2478c7c4d78d4de3bc58aa3 (commit) via 46ca6321f15631ee58a2422fce86713a92ea2cfb (commit) via 39e1a0107f9228381ac78ae8daeeb241c3249536 (commit) via f59fbdbef1f79e0940305d7d153ae22121d1004b (commit) via fce867ca00ca89f5253f909171f108366b33de28 (commit) via 3336fbf142e6a8cfc767fdf137b9a437a83ddce0 (commit) via d5421fc0df1620165b714fbc2331200170e7a204 (commit) via 56f18e9e70214e7e91a42dff5ae2b3caea7911d6 (commit) via bfa7ae568706ef4c35a0a2130e1366d679b9ef87 (commit) via f21934e03dac776f12ff598b70152f20be98914c (commit) via e8a3febfe7050870116db0512e1a39690a72346c (commit) via 0b7647eff31c85d8f7e1e5a50fd82d3b94eec816 (commit) via 1383f2798206ab323513221d0930949a63e18c25 (commit) via 4c694a05934a893f334fe546522b62a3ac33d525 (commit) via 697fd4472d1dea6f5ad1e46294aaf3da4f0b3986 (commit) via 2301be80b1be5213bcd265d221f0303f43b1e5ff (commit) via 01038a03d49b42beefe480906ab1b7c9547f3f51 (commit) via 336264936a81a971dfb2fdc1a687d03b61a01a86 (commit) via 4a414a044d1792baa6a588c275b7c74ad07833e4 (commit) via 7cc24ec5e533ed750be02899d9fdc16b1396880e (commit) from e00e451b6e06f615426d03e6933a3f3404b32ace (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit b8443a35f66f0122b2478c7c4d78d4de3bc58aa3 Author: Mason James <mtj at kohaaloha.com> Date: Wed Jun 24 00:19:27 2015 +1200 Add release notes for 3.16.12 commit 46ca6321f15631ee58a2422fce86713a92ea2cfb Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Date: Mon Jun 22 22:08:56 2015 -0300 Translation updates for Koha 3.16.12 release Bengali files renamed, ben -> bn-IN commit 39e1a0107f9228381ac78ae8daeeb241c3249536 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:35:07 2015 +0000 Bug 14423 : Multiple XSS bugs in suggestion.pl To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to= 2/ Notice alert box(es) 3/ Apply patch 4/ Reload and notice alert is gone Repeat for collection_title copyrightdate isbn manageddate_from manageddate_to publishercode suggesteddate_from suggesteddate_to commit f59fbdbef1f79e0940305d7d153ae22121d1004b Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:20:51 2015 +0000 Bug 14423 : Multiple XSS vulnerabilities in serials-search To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter= 2/ Notice alert boxes 3/ Apply patch 4/ Reload, notice fixed Repeat for callnumber_filter EAN_filter ISSN_filter publisher_filter title_filter Signed-off-by: Mason James <mtj at kohaaloha.com> commit fce867ca00ca89f5253f909171f108366b33de28 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:01:32 2015 +0000 Bug 14423 : XSS bugs in catalogue search To test 1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice alert boxes 3/ Apply patch 4/ Reload url, no alerts 5/ Check search still works Signed-off-by: Mason James <mtj at kohaaloha.com> commit 3336fbf142e6a8cfc767fdf137b9a437a83ddce0 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:46:40 2015 +0000 Bug 14423 : XSS issues in marc_subfields_structure 1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice all the alert boxes 3/ Apply patch 4/ Reload page, no more alerts 5/ Test functionality still works Signed-off-by: Mason James <mtj at kohaaloha.com> commit d5421fc0df1620165b714fbc2331200170e7a204 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:33:13 2015 +0000 Bug 14423 XSS bug in auth_subfields_structure 1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/auth_subfields_structure.pl?op=add_form&authtypecode=%27%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice a ton of alert boxes pop up 3/ Apply patch 4/ Reload url, no longer get any alerts 5/ Test fuctionality still works Signed-off-by: Mason James <mtj at kohaaloha.com> commit 56f18e9e70214e7e91a42dff5ae2b3caea7911d6 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:18:20 2015 +0000 Bug 14423 : XSS bug in lateorders 1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom 2/ Not you get an alert box 3/ Apply patch notice it is fixed 4/ Test functionality still works Signed-off-by: Mason James <mtj at kohaaloha.com> commit bfa7ae568706ef4c35a0a2130e1366d679b9ef87 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:10:20 2015 +0000 Bug 14423 : XSS in authorities-home To test: 1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice you get 3 alert boxes 3/ Apply patch 4/ Hit the url again, no js Signed-off-by: Mason James <mtj at kohaaloha.com> commit f21934e03dac776f12ff598b70152f20be98914c Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 08:35:07 2015 +1200 Bug 14412 : SQL injection possible There is a SQL Injection vulnerability in the /cgi-bin/koha/opac-tags_subject.pl script. By manipulating the variable 'number', the database can be accessed via time-based blind injections. The following string serves as an example: /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) To exploit the vulnerability, no authentication is needed To test 1/ Turn on mysql query logging 2/ Hit /cgi-bin/koha/opac-tags_subject.pl?number=1+PROCEDURE+ANALYSE+(EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 3/ Check the logs notice something like SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 PROCEDURE ANALYSE (EXTRACTVALUE(9743,CONCAT(0x5c,(BENCHMARK(5000000,MD5('evil'))))),1) 4/ Apply patch 5/ Hit the url again 6/ Notice the log now only has SELECT entry,weight FROM tags ORDER BY weight DESC LIMIT 1 Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Confirmed the problem and the fix for it. Signed-off-by: Mason James <mtj at kohaaloha.com> commit e8a3febfe7050870116db0512e1a39690a72346c Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 10:25:30 2015 +0200 Bug 14408: Add tests to get_template_and_user Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Mason James <mtj at kohaaloha.com> commit 0b7647eff31c85d8f7e1e5a50fd82d3b94eec816 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 10:12:45 2015 +0200 Bug 14408 Path traversal vulnerability /cgi-bin/koha/svc/virtualshelves/search /cgi-bin/koha/svc/members/search Are vulnerable To test: 1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt Notice you get a valid JSON response 2/ Hit /search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd (You may have add more ..%2f or remove them to get the correct path) Notice you can see the contents of the /etc/passwd file 3/ Hit /cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4/ Apply patch 5/ Hit the first url again, notice it still works 6/ Hit the second url notice it now errors with a file not found 7/ Hit the third url notice it now errors with a file not found Repeat for the other script also Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Mason James <mtj at kohaaloha.com> commit 1383f2798206ab323513221d0930949a63e18c25 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 11:21:56 2015 +0200 Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet) Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Mason James <mtj at kohaaloha.com> commit 4c694a05934a893f334fe546522b62a3ac33d525 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 11:21:47 2015 +0200 Bug 14416: (follow-up) opac addbybilionumber Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Mason James <mtj at kohaaloha.com> commit 697fd4472d1dea6f5ad1e46294aaf3da4f0b3986 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:26:02 2015 +1200 Bug 14416 Stored XSS vulnerability opac-addbybiblionumber.pl is also vulnerable because it doesn't escape list names. To test 1/ Create a malicious list name 2/ Try to add a biblio to the lists 3/ Notice js is excuted 4/ Apply patch 5/ Test again Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Mason James <mtj at kohaaloha.com> commit 2301be80b1be5213bcd265d221f0303f43b1e5ff Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:41:45 2015 +1200 Bug 14418 : More XSS vulnerabilities in opac-shelves.pl To test: 1/ Hit a url like /cgi-bin/koha/opac-shelves.pl?viewshelf=7&op=modif&display="><script>alert('oh noes')</script> Where the id is a valid shelf id 2/ Notice the js is executed 3/ Apply patch 4/ Reload page 5/ Notice input is now escaped on display Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Tested in Debian, couldn't reproduce the alert in Iceweasel, but in Chromium. Patch fixes it. commit 01038a03d49b42beefe480906ab1b7c9547f3f51 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 11:30:22 2015 +1200 Bug 14418 : XSS flaw in opac-shelves.pl To test: 1/ Create a list and add at least one item to it 2/ Hit a url like http://192.168.2.18/cgi-bin/koha/opac-shelves.pl?viewshelf=7&sort=author&direction=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E Where the shelf id is the number of the list you created, notice the js is executed 3/ Apply the patch 4/ Reload the page notice the js is now escaped Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> commit 336264936a81a971dfb2fdc1a687d03b61a01a86 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 19 09:25:22 2015 +1200 Bug 14418 XSS Vulnerabilities Fix for /cgi-bin/koha/opac-search.pl To test 1/ Hit /cgi-bin/koha/opac-search.pl?tag="><script src='http://cst.sba-research.org/x.js'/>&q=a 2/ Notice the js is executed 3/ Apply patch 4/ Reload page, notice it is no longer executed 5/ Test the rss links work still Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Confirmed bug and that the patch fixes it. Signed-off-by: Mason James <mtj at kohaaloha.com> commit 4a414a044d1792baa6a588c275b7c74ad07833e4 Author: Aleisha <aleishaamohia at hotmail.com> Date: Tue Jun 9 02:02:55 2015 +0000 Bug 14360: Unescaped variable causes alert pop-up To test: 1) Create a list in the OPAC, name it: <script>alert('Hello');</script> 2) Delete the list 3) Confirm deletion 4) See the alert say 'Hello' 5) Apply patch 6) Recreate list with same name 7) Delete list 8) Confirm deletion and alert no longer pops up Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Mason James <mtj at kohaaloha.com> commit 7cc24ec5e533ed750be02899d9fdc16b1396880e Author: Aleisha <aleishaamohia at hotmail.com> Date: Mon Jun 8 02:30:23 2015 +0000 Bug 14360: Unescaped variable causes alert Adding |html to [% resultsperpage %] to escape the variable and get rid of the alert. To test: 1) Go to URL such as ... /cgi-bin/koha/opac-authorities-home.pl?op=do_search&resultsperpage=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E 2) Notice pop-up box with alert 3) Apply patch, refresh page 4) Notice alert is gone Signed-off-by: Katrin Fischer <Katrin.Fischer.83 at web.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Mason James <mtj at kohaaloha.com> ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 4 + .../prog/en/includes/authorities-search.inc | 6 +- .../prog/en/modules/acqui/lateorders.tt | 6 +- .../en/modules/admin/auth_subfields_structure.tt | 28 +- .../en/modules/admin/marc_subfields_structure.tt | 28 +- .../prog/en/modules/catalogue/results.tt | 6 +- .../prog/en/modules/serials/serials-search.tt | 26 +- .../prog/en/modules/suggestion/suggestion.tt | 22 +- .../en/modules/virtualshelves/addbybiblionumber.tt | 8 +- .../bootstrap/en/modules/opac-addbybiblionumber.tt | 8 +- .../en/modules/opac-authoritiessearchresultlist.tt | 6 +- .../opac-tmpl/bootstrap/en/modules/opac-results.tt | 6 +- .../opac-tmpl/bootstrap/en/modules/opac-shelves.tt | 8 +- ...tes_3_16_11.html => release_notes_3_16_12.html} | 161 +- ..._notes_3_16_5.txt => release_notes_3_16_12.txt} | 94 +- .../po/am-Ethi-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/am-Ethi-opac-bootstrap.po | 2 +- .../po/ar-Arab-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ar-Arab-opac-bootstrap.po | 2 +- .../po/az-AZ-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/az-AZ-opac-bootstrap.po | 2 +- .../po/be-BY-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/be-BY-opac-bootstrap.po | 2 +- .../po/bg-Cyrl-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/bg-Cyrl-opac-bootstrap.po | 2 +- ...3006000.po => bn-IN-i-opac-t-prog-v-3006000.po} | 0 ...006000.po => bn-IN-i-staff-t-prog-v-3006000.po} | 2 +- ...n-opac-bootstrap.po => bn-IN-opac-bootstrap.po} | 2 +- .../po/{ben-opac-ccsr.po => bn-IN-opac-ccsr.po} | 0 misc/translator/po/{ben-pref.po => bn-IN-pref.po} | 0 .../po/{ben-staff-help.po => bn-IN-staff-help.po} | 0 .../po/ca-ES-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ca-ES-opac-bootstrap.po | 2 +- .../translator/po/cs-CZ-i-opac-t-prog-v-3006000.po | 2061 +--- .../po/cs-CZ-i-staff-t-prog-v-3006000.po | 5391 ++------- misc/translator/po/cs-CZ-opac-bootstrap.po | 2058 +--- misc/translator/po/cs-CZ-opac-ccsr.po | 62 +- misc/translator/po/cs-CZ-pref.po | 40 +- misc/translator/po/cs-CZ-staff-help.po |11810 +++++------------- .../po/da-DK-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/da-DK-opac-bootstrap.po | 2 +- .../po/de-CH-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/de-CH-opac-bootstrap.po | 2 +- .../translator/po/de-DE-i-opac-t-prog-v-3006000.po | 2672 ++-- .../po/de-DE-i-staff-t-prog-v-3006000.po | 5867 +++------ misc/translator/po/de-DE-opac-bootstrap.po | 2723 ++--- misc/translator/po/de-DE-opac-ccsr.po | 68 +- misc/translator/po/de-DE-pref.po | 2 +- misc/translator/po/de-DE-staff-help.po | 45 +- .../po/el-GR-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/el-GR-opac-bootstrap.po | 2 +- .../po/en-GB-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/en-GB-opac-bootstrap.po | 2 +- .../po/en-NZ-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/en-NZ-opac-bootstrap.po | 2 +- misc/translator/po/eo-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/eo-opac-bootstrap.po | 2 +- .../translator/po/es-ES-i-opac-t-prog-v-3006000.po | 2799 ++--- .../po/es-ES-i-staff-t-prog-v-3006000.po | 6056 +++------- misc/translator/po/es-ES-opac-bootstrap.po | 2891 ++--- misc/translator/po/es-ES-opac-ccsr.po | 89 +- misc/translator/po/es-ES-pref.po | 26 +- misc/translator/po/es-ES-staff-help.po |12731 +++++--------------- misc/translator/po/eu-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/eu-opac-bootstrap.po | 2 +- .../po/fa-Arab-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/fa-Arab-opac-bootstrap.po | 2 +- .../po/fi-FI-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/fi-FI-opac-bootstrap.po | 2 +- .../po/fo-FO-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/fo-FO-opac-bootstrap.po | 2 +- .../po/fr-CA-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/fr-CA-opac-bootstrap.po | 2 +- .../po/fr-FR-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/fr-FR-opac-bootstrap.po | 2 +- misc/translator/po/gl-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/gl-opac-bootstrap.po | 2 +- .../po/he-Hebr-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/he-Hebr-opac-bootstrap.po | 2 +- misc/translator/po/hi-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/hi-opac-bootstrap.po | 2 +- .../po/hr-HR-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/hr-HR-opac-bootstrap.po | 2 +- .../po/hu-HU-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/hu-HU-opac-bootstrap.po | 2 +- .../po/hy-Armn-i-opac-t-prog-v-3006000.po | 2835 ++--- .../po/hy-Armn-i-staff-t-prog-v-3006000.po | 5462 ++------- misc/translator/po/hy-Armn-opac-bootstrap.po | 2907 ++--- misc/translator/po/hy-Armn-opac-ccsr.po | 97 +- misc/translator/po/hy-Armn-pref.po | 2 +- misc/translator/po/hy-Armn-staff-help.po |12340 +++++-------------- .../po/id-ID-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/id-ID-opac-bootstrap.po | 2 +- .../po/is-IS-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/is-IS-opac-bootstrap.po | 2 +- .../translator/po/it-IT-i-opac-t-prog-v-3006000.po | 2871 ++--- .../po/it-IT-i-staff-t-prog-v-3006000.po | 5696 ++------- misc/translator/po/it-IT-opac-bootstrap.po | 2809 ++--- misc/translator/po/it-IT-opac-ccsr.po | 107 +- misc/translator/po/it-IT-pref.po | 2 +- misc/translator/po/it-IT-staff-help.po | 8 +- .../po/ja-Jpan-JP-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ja-Jpan-JP-opac-bootstrap.po | 2 +- .../po/km-KH-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/km-KH-opac-bootstrap.po | 2 +- .../po/kn-Knda-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/kn-Knda-opac-bootstrap.po | 2 +- .../po/ko-Kore-KP-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ko-Kore-KP-opac-bootstrap.po | 2 +- .../po/ku-Arab-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ku-Arab-opac-bootstrap.po | 2 +- .../po/lo-Laoo-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/lo-Laoo-opac-bootstrap.po | 2 +- .../po/mi-NZ-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/mi-NZ-opac-bootstrap.po | 2 +- misc/translator/po/mon-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/mon-opac-bootstrap.po | 2 +- misc/translator/po/mr-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/mr-opac-bootstrap.po | 2 +- .../po/ms-MY-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ms-MY-opac-bootstrap.po | 2 +- .../po/nb-NO-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/nb-NO-opac-bootstrap.po | 2 +- .../po/ne-NE-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ne-NE-opac-bootstrap.po | 2 +- .../po/nl-BE-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/nl-BE-opac-bootstrap.po | 2 +- .../po/nl-NL-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/nl-NL-opac-bootstrap.po | 2 +- .../po/nn-NO-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/nn-NO-opac-bootstrap.po | 2 +- misc/translator/po/pbr-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/pbr-opac-bootstrap.po | 2 +- .../translator/po/pl-PL-i-opac-t-prog-v-3006000.po | 24 +- .../po/pl-PL-i-staff-t-prog-v-3006000.po | 20 +- misc/translator/po/pl-PL-opac-bootstrap.po | 26 +- misc/translator/po/prs-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/prs-opac-bootstrap.po | 2 +- .../po/pt-BR-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/pt-BR-opac-bootstrap.po | 2 +- .../po/pt-PT-i-staff-t-prog-v-3006000.po | 43 +- misc/translator/po/pt-PT-opac-bootstrap.po | 21 +- .../po/ro-RO-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ro-RO-opac-bootstrap.po | 2 +- .../po/ru-RU-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ru-RU-opac-bootstrap.po | 2 +- .../po/rw-RW-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/rw-RW-opac-bootstrap.po | 2 +- .../po/sd-PK-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/sd-PK-opac-bootstrap.po | 2 +- .../translator/po/sk-SK-i-opac-t-prog-v-3006000.po | 2150 +--- .../po/sk-SK-i-staff-t-prog-v-3006000.po | 5322 ++------ misc/translator/po/sk-SK-opac-bootstrap.po | 2233 +--- misc/translator/po/sk-SK-opac-ccsr.po | 95 +- misc/translator/po/sk-SK-pref.po | 12 +- misc/translator/po/sk-SK-staff-help.po |11939 +++++------------- .../po/sl-SI-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/sl-SI-opac-bootstrap.po | 2 +- .../po/sq-AL-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/sq-AL-opac-bootstrap.po | 2 +- .../po/sr-Cyrl-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/sr-Cyrl-opac-bootstrap.po | 2 +- .../po/sv-SE-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/sv-SE-opac-bootstrap.po | 2 +- .../po/sw-KE-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/sw-KE-opac-bootstrap.po | 2 +- .../po/ta-LK-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ta-LK-opac-bootstrap.po | 2 +- misc/translator/po/ta-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ta-opac-bootstrap.po | 2 +- misc/translator/po/tet-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/tet-opac-bootstrap.po | 2 +- .../po/th-TH-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/th-TH-opac-bootstrap.po | 2 +- .../po/tl-PH-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/tl-PH-opac-bootstrap.po | 2 +- .../translator/po/tr-TR-i-opac-t-prog-v-3006000.po | 3220 ++--- .../po/tr-TR-i-staff-t-prog-v-3006000.po | 5599 ++------- misc/translator/po/tr-TR-opac-bootstrap.po | 3185 ++--- misc/translator/po/tr-TR-opac-ccsr.po | 100 +- misc/translator/po/tr-TR-pref.po | 24 +- misc/translator/po/tr-TR-staff-help.po |12504 +++++-------------- .../po/uk-UA-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/uk-UA-opac-bootstrap.po | 2 +- .../po/ur-Arab-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/ur-Arab-opac-bootstrap.po | 2 +- .../po/vi-VN-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/vi-VN-opac-bootstrap.po | 2 +- .../po/zh-Hans-CN-i-staff-t-prog-v-3006000.po | 2 +- misc/translator/po/zh-Hans-CN-opac-bootstrap.po | 2 +- .../po/zh-Hans-TW-i-opac-t-prog-v-3006000.po | 6 +- .../po/zh-Hans-TW-i-staff-t-prog-v-3006000.po | 50 +- misc/translator/po/zh-Hans-TW-opac-bootstrap.po | 10 +- opac/opac-tags_subject.pl | 4 +- t/db_dependent/Auth.t | 23 +- 195 files changed, 34313 insertions(+), 105489 deletions(-) copy misc/release_notes/{release_notes_3_16_11.html => release_notes_3_16_12.html} (52%) copy misc/release_notes/{release_notes_3_16_5.txt => release_notes_3_16_12.txt} (74%) rename misc/translator/po/{ben-i-opac-t-prog-v-3006000.po => bn-IN-i-opac-t-prog-v-3006000.po} (100%) rename misc/translator/po/{ben-i-staff-t-prog-v-3006000.po => bn-IN-i-staff-t-prog-v-3006000.po} (99%) rename misc/translator/po/{ben-opac-bootstrap.po => bn-IN-opac-bootstrap.po} (99%) rename misc/translator/po/{ben-opac-ccsr.po => bn-IN-opac-ccsr.po} (100%) rename misc/translator/po/{ben-pref.po => bn-IN-pref.po} (100%) rename misc/translator/po/{ben-staff-help.po => bn-IN-staff-help.po} (100%) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 14:24:07 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 12:24:07 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-16-g5331865 Message-ID: <E1Z7NFH-0004kF-Iz@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via 533186576bf8885eda8b39cb61bb72388a4d9545 (commit) from 4e1b447b4cd9e4781b03fbf78fe027ca80580a33 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 533186576bf8885eda8b39cb61bb72388a4d9545 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Mon Jun 22 10:56:26 2015 +0200 Bug 14426: Escape or use placeholders for sql parameters Does this patch enough to prevent sql injection in borrowers_out.pl? ==================================================================== 1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil') ==================================================================== echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')" | nc testbox 9002 echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=1,'evil')" | nc testbox 9002 ==================================================================== 2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b ==================================================================== echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='a" | nc testbox 9002 echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='b" | nc testbox 9002 ==================================================================== Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit f260c56838d5c914831b7de1171df11fa5714ce1) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> ----------------------------------------------------------------------- Summary of changes: reports/borrowers_out.pl | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 14:44:40 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 12:44:40 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-22-g9109515 Message-ID: <E1Z7NZA-0004xe-En@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via 910951512bd240df36ab18f3eb083afe0d75dfaf (commit) via 9e704e2b289dc8a9e90108b2d2a5c9266c347171 (commit) via 94c70537c62e25ac0ed8a5cb71c10c3315653e2d (commit) via 735ec07ca761dced366adc2711fb266bbc150099 (commit) via ebc7b2a033d7a80e09dbb0cb51c83029f505d3fc (commit) via 1c82ddcaad2197a372fcc021b18548a3801440ab (commit) from 533186576bf8885eda8b39cb61bb72388a4d9545 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 910951512bd240df36ab18f3eb083afe0d75dfaf Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:35:07 2015 +0000 Bug 14423 : Multiple XSS bugs in suggestion.pl To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to= 2/ Notice alert box(es) 3/ Apply patch 4/ Reload and notice alert is gone Repeat for collection_title copyrightdate isbn manageddate_from manageddate_to publishercode suggesteddate_from suggesteddate_to Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit a4310e870247cb57cb1cbca55fed749d63469dcf) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit 9e704e2b289dc8a9e90108b2d2a5c9266c347171 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:20:51 2015 +0000 Bug 14423 : Multiple XSS vulnerabilities in serials-search To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter= 2/ Notice alert boxes 3/ Apply patch 4/ Reload, notice fixed Repeat for callnumber_filter EAN_filter ISSN_filter publisher_filter title_filter Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit bab7a33c2d6b4774dd96af1d10f72620802e9b4e) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> Conflicts: koha-tmpl/intranet-tmpl/prog/en/modules/serials/serials-search.tt commit 94c70537c62e25ac0ed8a5cb71c10c3315653e2d Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:01:32 2015 +0000 Bug 14423 : XSS bugs in catalogue search To test 1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice alert boxes 3/ Apply patch 4/ Reload url, no alerts 5/ Check search still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit 48af13bd1a0eff3162d5e8edb867a701e233e5da) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit 735ec07ca761dced366adc2711fb266bbc150099 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:33:13 2015 +0000 Bug 14423 XSS bug in auth_subfields_structure 1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/auth_subfields_structure.pl?op=add_form&authtypecode=%27%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice a ton of alert boxes pop up 3/ Apply patch 4/ Reload url, no longer get any alerts 5/ Test fuctionality still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit d35384c039b8db00659d1cd0ee08cfb50c45481e) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit ebc7b2a033d7a80e09dbb0cb51c83029f505d3fc Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:18:20 2015 +0000 Bug 14423 : XSS bug in lateorders 1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom 2/ Not you get an alert box 3/ Apply patch notice it is fixed 4/ Test functionality still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit 66dc4a9e7d2f11b97f1a4b0f76b5c485c3873683) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit 1c82ddcaad2197a372fcc021b18548a3801440ab Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:10:20 2015 +0000 Bug 14423 : XSS in authorities-home To test: 1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice you get 3 alert boxes 3/ Apply patch 4/ Hit the url again, no js Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> (cherry picked from commit 4b5a87c7ec62cfb796ea7c24aec8a61039e25f5c) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> ----------------------------------------------------------------------- Summary of changes: .../prog/en/includes/authorities-search.inc | 6 ++--- .../prog/en/modules/acqui/lateorders.tt | 6 ++--- .../en/modules/admin/auth_subfields_structure.tt | 28 ++++++++++---------- .../prog/en/modules/catalogue/results.tt | 6 ++--- .../prog/en/modules/serials/serials-search.tt | 26 +++++++++--------- .../prog/en/modules/suggestion/suggestion.tt | 22 +++++++-------- 6 files changed, 47 insertions(+), 47 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 15:18:43 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 13:18:43 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-230-gcad134c Message-ID: <E1Z7O67-0005DU-Au@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via cad134cd172c50dd55bf11696d69460bc2bf547d (commit) via 55103ad860c42e5e0dc52b8d186c7266e5377f0a (commit) via 198e6669eeb68519b4909d99631d84aed068845e (commit) via f05931e05154cc85df4036fe7c4acdfc0ddb5995 (commit) via fc6789c20636f8104854b74209b658634831f4e5 (commit) via 887bb6d510aaafc94b7a59fea62f773f3ce83116 (commit) via 603a111d3a711148fbcecd293b0a8b89fa0b0fc6 (commit) via d87b8a5cf3458492c67c424b3f811ac0085599f0 (commit) via a5489d993615996e1e125e945870dce92c7d1c10 (commit) via 91a8584aa845fb1695a46fe3b89197f7d1365d94 (commit) via c08063d037d9cff0e7b5e390919c88e5edb5a150 (commit) via 3601c6fb1b19ef52cf441b473b34d98a17bc887a (commit) via 98901d27be4cf6fd6210ebb32b9cddf2fcd827a0 (commit) via d8bccd612638c4728f561972daf7f70d49d263a5 (commit) from 64e47c63dc59669c3c651b93630c470e06107fd6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit cad134cd172c50dd55bf11696d69460bc2bf547d Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Tue Jun 16 18:16:27 2015 +0200 Bug 13962: Add link to the vendor detail page This patch 1/ uses the class of the th to filter the columns and 2/ adds a link on the vendor name to the vendor detail page. Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 55103ad860c42e5e0dc52b8d186c7266e5377f0a Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Wed Jun 10 00:34:50 2015 +0200 Bug 13962: Add vendor to acq details tab in staff Implementing some feedback from our user meeting: The acquisition details tab on the detail page in staff should also show the vendor of the order. To test: - Make sure AcquisitionDetails is active. - Create an order or look up an order in the acqusition module. - Go to the ordered record and check the 'Acquisition details' tab - Verify the vendor shows up there as first column now - Check that sorting and display of the other columns are still working correctly Note: Also fixes a </th> that should be a </td> Signed-off-by: Aleisha <aleishaamohia at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 198e6669eeb68519b4909d99631d84aed068845e Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Tue Jun 23 10:40:15 2015 +0200 Bug 14324: Display "Add Child" for Organisations on circ/circulation.pl On moremember, the button is displayed for Organisations. To be consistent, it should be displayed on the circulation page too. Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit f05931e05154cc85df4036fe7c4acdfc0ddb5995 Author: Barton Chittenden <barton at bywatersolutions.com> Date: Thu Jun 18 13:31:28 2015 -0700 Bug 14324: Set "adultborrower" regardless of guarantor status. Signed-off-by: Jason Robb - SEKLS (jrobb at sekls.org) Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit fc6789c20636f8104854b74209b658634831f4e5 Author: Jonathan Druart <jonathan.druart at biblibre.com> Date: Wed Apr 1 16:23:48 2015 +0200 Bug 8802: On editing a library group category type is not set The category type was always set to 'searchdomain', because it's the first of the dropdown list. Test plan: 1/ Create or edit a library group 2/ Set the category type to "properties" 3/ Edit it again 4/ Confirm "properties" is correctly selected Signed-off-by: Nick Clemens <nick at quecheelibrary.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 887bb6d510aaafc94b7a59fea62f773f3ce83116 Author: Liz Rea <wizzyrea at gmail.com> Date: Tue Jun 23 12:37:09 2015 +1200 Bug 14423: tab characters in auth_subfields_structure Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 603a111d3a711148fbcecd293b0a8b89fa0b0fc6 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:35:07 2015 +0000 Bug 14423: Multiple XSS bugs in suggestion.pl To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/suggestion/suggestion.pl?author=%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&accepteddate_to= 2/ Notice alert box(es) 3/ Apply patch 4/ Reload and notice alert is gone Repeat for collection_title copyrightdate isbn manageddate_from manageddate_to publishercode suggesteddate_from suggesteddate_to Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit d87b8a5cf3458492c67c424b3f811ac0085599f0 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:20:51 2015 +0000 Bug 14423: Multiple XSS vulnerabilities in serials-search To test 1/ Hit a url like http://localhost:8081/cgi-bin/koha/serials/serials-search.pl?bookseller_filter=%22%22%22%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&searched=1&title_filter= 2/ Notice alert boxes 3/ Apply patch 4/ Reload, notice fixed Repeat for callnumber_filter EAN_filter ISSN_filter publisher_filter title_filter Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit a5489d993615996e1e125e945870dce92c7d1c10 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 09:01:32 2015 +0000 Bug 14423: XSS bugs in catalogue search To test 1/ hit a url like http://localhost:8081/cgi-bin/koha/catalogue/search.pl?limit=%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice alert boxes 3/ Apply patch 4/ Reload url, no alerts 5/ Check search still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 91a8584aa845fb1695a46fe3b89197f7d1365d94 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:46:40 2015 +0000 Bug 14423: XSS issues in marc_subfields_structure 1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice all the alert boxes 3/ Apply patch 4/ Reload page, no more alerts 5/ Test functionality still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit c08063d037d9cff0e7b5e390919c88e5edb5a150 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:33:13 2015 +0000 Bug 14423: XSS bug in auth_subfields_structure 1/ Hit a url like http://localhost:8081/cgi-bin/koha/admin/auth_subfields_structure.pl?op=add_form&authtypecode=%27%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E&tagfield=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice a ton of alert boxes pop up 3/ Apply patch 4/ Reload url, no longer get any alerts 5/ Test fuctionality still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 3601c6fb1b19ef52cf441b473b34d98a17bc887a Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:18:20 2015 +0000 Bug 14423: XSS bug in lateorders 1/ hit a url like http://localhost:8081/cgi-bin/koha/acqui/lateorders.pl?delay=<script>alert('oh noes')</script>&estimateddeliverydatefrom 2/ Not you get an alert box 3/ Apply patch notice it is fixed 4/ Test functionality still works Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 98901d27be4cf6fd6210ebb32b9cddf2fcd827a0 Author: Chris <chris at bigballofwax.co.nz> Date: Sun Jun 21 08:10:20 2015 +0000 Bug 14423: XSS in authorities-home To test: 1/ Hit a url like http://localhost:8081/cgi-bin/koha/authorities/authorities-home.pl?op=do_search&type=intranet&marclist=mainentry&and_or=and&operator=contains&value=%22/%3E%3Cscript%3Ealert%28%27oh%20noes%27%29%3C/script%3E 2/ Notice you get 3 alert boxes 3/ Apply patch 4/ Hit the url again, no js Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit d8bccd612638c4728f561972daf7f70d49d263a5 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Mon Jun 22 10:56:26 2015 +0200 Bug 14426: Escape or use placeholders for sql parameters Does this patch enough to prevent sql injection in borrowers_out.pl? ==================================================================== 1. "Criteria" Parameter, Payload: ELT(1=1,'evil') / ELT(1=2,'evil') ==================================================================== echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=2,'evil')" | nc testbox 9002 echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 186\r\n\r\nFilter=P_COM&Filter=&Limit=&output=file&basename=Export&MIME=CSV&sep=%3B&report_name=&do_it=1&userid=<username>&password=<password>&branch=&koha_login_context=intranet&Criteria=ELT(1=1,'evil')" | nc testbox 9002 ==================================================================== 2. "Filter" Parameter, Payload: P_COM'+AND+'a'='a / P_COM'+AND+'a'='b ==================================================================== echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='a" | nc testbox 9002 echo -ne "POST /cgi-bin/koha/reports/borrowers_out.pl HTTP/1.1\r\nHost: testbox:9002\r\nContent-Length: 183\r\n\r\nkoha_login_context=intranet&Limit=&Criteria=branchcode&output=file&basename=Export&MIME=CSV&sep=;&report_name=&do_it=1&userid=<userid>&password=<password>&branch=&Filter=P_COM'+AND+'a'='b" | nc testbox 9002 ==================================================================== Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> ----------------------------------------------------------------------- Summary of changes: admin/branches.pl | 2 +- circ/circulation.pl | 4 +- .../prog/en/includes/authorities-search.inc | 6 +-- .../prog/en/modules/acqui/lateorders.tt | 6 +-- .../en/modules/admin/auth_subfields_structure.tt | 28 ++++++------- .../en/modules/admin/marc_subfields_structure.tt | 28 ++++++------- .../prog/en/modules/catalogue/detail.tt | 16 +++++--- .../prog/en/modules/catalogue/results.tt | 6 +-- .../prog/en/modules/serials/serials-search.tt | 26 ++++++------- .../prog/en/modules/suggestion/suggestion.tt | 22 +++++------ members/moremember.pl | 3 +- reports/borrowers_out.pl | 41 +++++++++++++------- 12 files changed, 103 insertions(+), 85 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 15:21:39 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 13:21:39 +0000 Subject: [koha-commits] main Koha release repository branch 3.16.x updated. v3.16.11-21-g3925084 Message-ID: <E1Z7O8x-0005Fz-P1@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.16.x has been updated via 39250849fecdb125c53e4b5424fa70316dce3393 (commit) from b8443a35f66f0122b2478c7c4d78d4de3bc58aa3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 39250849fecdb125c53e4b5424fa70316dce3393 Author: Mason James <mtj at kohaaloha.com> Date: Wed Jun 24 01:20:11 2015 +1200 Bumping DB version for 3.16.12 ----------------------------------------------------------------------- Summary of changes: installer/data/mysql/updatedatabase.pl | 7 +++++++ kohaversion.pl | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 15:31:53 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 13:31:53 +0000 Subject: [koha-commits] main Koha release repository annotated tag v3.16.12 created. v3.16.12 Message-ID: <E1Z7OIr-0005Md-Na@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The annotated tag, v3.16.12 has been created at 148c2eb1b11f408332523065ad5cc727ada019c8 (tag) tagging 39250849fecdb125c53e4b5424fa70316dce3393 (commit) replaces v3.16.11 tagged by Mason James on Wed Jun 24 01:21:22 2015 +1200 - Log ----------------------------------------------------------------- Koha Release 3.16.12 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJViV1SAAoJEGPsprNybXB3RCEH/0WFZ7zIfgjj3r25afx7mWxb fZVeAHaJaAVi1DtpqiWYaZ5haG+GwSTEWd/PQ1awEOxPkpIs6XIspaCnLD4iZ9dq LFo2735fTBA7qhBxuUu5CRme9dVqaI0fUXRFdD8Dwnm7M2RHzbSEkS0es9Ovy7y+ 8Os5jc/EgxmP9JRsQXX53XiNb4iwc7JXKFy95L3VEKaU9/d1eiIZjZmkbG3uWSsv muOUa7LGgZOZyE13ioZjgkoJadyEu8iT9D+YAS5bnO181u4GdFx1DCcUgCFrzuuy Zbds16Y58XImkXEsgJrE9+qzIPPWFUkYWANDqnVFWb0RXpjInfp8Z0JynPmHHMo= =fPD0 -----END PGP SIGNATURE----- Aleisha (2): Bug 14360: Unescaped variable causes alert Bug 14360: Unescaped variable causes alert pop-up Bernardo Gonzalez Kriegel (1): Translation updates for Koha 3.16.12 release Chris (7): Bug 14423 : XSS in authorities-home Bug 14423 : XSS bug in lateorders Bug 14423 XSS bug in auth_subfields_structure Bug 14423 : XSS issues in marc_subfields_structure Bug 14423 : XSS bugs in catalogue search Bug 14423 : Multiple XSS vulnerabilities in serials-search Bug 14423 : Multiple XSS bugs in suggestion.pl Chris Cormack (5): Bug 14418 XSS Vulnerabilities Bug 14418 : XSS flaw in opac-shelves.pl Bug 14418 : More XSS vulnerabilities in opac-shelves.pl Bug 14416 Stored XSS vulnerability Bug 14412 : SQL injection possible Jonathan Druart (4): Bug 14416: (follow-up) opac addbybilionumber Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet) Bug 14408 Path traversal vulnerability Bug 14408: Add tests to get_template_and_user Mason James (2): Add release notes for 3.16.12 Bumping DB version for 3.16.12 ----------------------------------------------------------------------- hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 15:37:27 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 13:37:27 +0000 Subject: [koha-commits] main Koha release repository branch 3.16.x updated. v3.16.12-1-ge891012 Message-ID: <E1Z7OOF-0005P6-HG@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.16.x has been updated via e89101271ac63d4c2d86474e0a7640b34f0e85b7 (commit) from 39250849fecdb125c53e4b5424fa70316dce3393 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e89101271ac63d4c2d86474e0a7640b34f0e85b7 Author: Mason James <mtj at kohaaloha.com> Date: Wed Jun 24 01:39:18 2015 +1200 update notes ----------------------------------------------------------------------- Summary of changes: misc/release_notes/release_notes_3_16_12.html | 3 ++- misc/release_notes/release_notes_3_16_12.txt | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 17:49:40 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 15:49:40 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-28-g6977b5b Message-ID: <E1Z7QSC-0006Kr-QZ@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via 6977b5b27fc2cc6d04fbbc71ec171a23f5e71f94 (commit) via 7c6ec195181b5cea3f108285f16afb1cd1654783 (commit) via 94c66f92ee11b81889dd6550acd664f2344cd19f (commit) via 944c786441c2fccaf786220c33a0f141cc94b999 (commit) via a1bc481b33fb3075b8bb8949bb8c34fb94286223 (commit) via 1f7fa4fadcd9037a7ebefacde63aea607e913c08 (commit) from 910951512bd240df36ab18f3eb083afe0d75dfaf (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6977b5b27fc2cc6d04fbbc71ec171a23f5e71f94 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 10:25:30 2015 +0200 Bug 14408: Add tests to get_template_and_user Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Mason James <mtj at kohaaloha.com> (cherry picked from commit e8a3febfe7050870116db0512e1a39690a72346c) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit 7c6ec195181b5cea3f108285f16afb1cd1654783 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 10:12:45 2015 +0200 Bug 14408 Path traversal vulnerability /cgi-bin/koha/svc/virtualshelves/search /cgi-bin/koha/svc/members/search Are vulnerable To test: 1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt Notice you get a valid JSON response 2/ Hit /search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd (You may have add more ..%2f or remove them to get the correct path) Notice you can see the contents of the /etc/passwd file 3/ Hit /cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4/ Apply patch 5/ Hit the first url again, notice it still works 6/ Hit the second url notice it now errors with a file not found 7/ Hit the third url notice it now errors with a file not found Repeat for the other script also Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Mason James <mtj at kohaaloha.com> (cherry picked from commit 0b7647eff31c85d8f7e1e5a50fd82d3b94eec816) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> Conflicts: C4/Auth.pm commit 94c66f92ee11b81889dd6550acd664f2344cd19f Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 17:49:32 2015 +0200 Revert "Bug 14408: Path Traversal error" This reverts commit 2870086da0070dad38bdb4a22be9e07dd1c8c713. commit 944c786441c2fccaf786220c33a0f141cc94b999 Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 17:49:30 2015 +0200 Revert "Bug 14408: Add tests to get_template_and_user" This reverts commit 656b2dc36c324b7368c4541ff6288c9451a774bb. commit a1bc481b33fb3075b8bb8949bb8c34fb94286223 Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 17:49:27 2015 +0200 Revert "Bug 14408: Allow integers in template paths" This reverts commit 253b6f1f51cc73f36829658be5c8d905b2e36909. commit 1f7fa4fadcd9037a7ebefacde63aea607e913c08 Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 17:49:23 2015 +0200 Revert "Bug 14408: Allow tmpl and empty in template paths" This reverts commit 4e1b447b4cd9e4781b03fbf78fe027ca80580a33. ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 5 +++-- t/db_dependent/Auth.t | 38 +++++++++++++------------------------- 2 files changed, 16 insertions(+), 27 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 18:14:53 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 16:14:53 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.15-32-gc95b80d Message-ID: <E1Z7Qqb-0006VX-3O@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via c95b80d5d9718df73f6474be0a8657eae8450de9 (commit) via fb55e2cc80642f9adb5c65a253869d4d26f46c81 (commit) via 735313aba464986867a858327fe5164c387da9ff (commit) via a26e1fa3bd7cedec3da1454acb1f759bce0ba030 (commit) from 6977b5b27fc2cc6d04fbbc71ec171a23f5e71f94 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c95b80d5d9718df73f6474be0a8657eae8450de9 Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 18:16:18 2015 +0200 Increment version for 3.14.16 release Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit fb55e2cc80642f9adb5c65a253869d4d26f46c81 Merge: 735313a a26e1fa Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 18:14:06 2015 +0200 Merge remote-tracking branch 'translator/3.14.16' into 3.14.x commit 735313aba464986867a858327fe5164c387da9ff Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 18:13:36 2015 +0200 Update release notes for 3.14.16 release Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit a26e1fa3bd7cedec3da1454acb1f759bce0ba030 Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Date: Mon Jun 22 22:24:29 2015 -0300 Translation updates for Koha 3.14.16 release ----------------------------------------------------------------------- Summary of changes: installer/data/mysql/updatedatabase.pl | 6 + kohaversion.pl | 2 +- ...notes_3_14_14.txt => release_notes_3_14_16.txt} | 90 ++++-- .../translator/po/de-DE-i-opac-t-prog-v-3006000.po | 12 +- .../po/de-DE-i-staff-t-prog-v-3006000.po | 31 +- misc/translator/po/de-DE-opac-bootstrap.po | 14 +- .../translator/po/es-ES-i-opac-t-prog-v-3006000.po | 12 +- .../po/es-ES-i-staff-t-prog-v-3006000.po | 8 +- misc/translator/po/es-ES-opac-bootstrap.po | 16 +- misc/translator/po/es-ES-pref.po | 10 +- .../translator/po/fo-FO-i-opac-t-prog-v-3006000.po | 185 ++++++------ .../po/fo-FO-i-staff-t-prog-v-3006000.po | 166 +++++------ misc/translator/po/fo-FO-opac-bootstrap.po | 312 ++++++++++---------- misc/translator/po/fo-FO-opac-ccsr.po | 77 ++--- misc/translator/po/fo-FO-pref.po | 15 +- .../translator/po/tr-TR-i-opac-t-prog-v-3006000.po | 10 +- .../po/tr-TR-i-staff-t-prog-v-3006000.po | 57 ++-- misc/translator/po/tr-TR-opac-bootstrap.po | 10 +- misc/translator/po/tr-TR-pref.po | 15 +- 19 files changed, 556 insertions(+), 492 deletions(-) copy misc/release_notes/{release_notes_3_14_14.txt => release_notes_3_14_16.txt} (75%) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 18:15:10 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 16:15:10 +0000 Subject: [koha-commits] main Koha release repository annotated tag v3.14.16 created. v3.14.16 Message-ID: <E1Z7Qqs-0006Wl-W4@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The annotated tag, v3.14.16 has been created at 6a366c24de17d5d3acedbe1b898783316948114b (tag) tagging c95b80d5d9718df73f6474be0a8657eae8450de9 (commit) replaces v3.14.15 tagged by Fridolin Somers on Tue Jun 23 18:16:41 2015 +0200 - Log ----------------------------------------------------------------- Koha release 3.14.16 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAABAgAGBQJViYZpAAoJECvJNkKAZAZuZkcH/jm6ZLpEV1SDImkVOJSzDSS9 D3NraiISn/0yryB2ZeGrN6/wofujNRlW2A9yFmPhomrfwADsXgrPyb6GQjgUWBhx zzViP17aumL4nGqSOFwrM52N3ep0hVx/0w9TgHNuHaJsQKGauFDsSBy8ELOQioJO yoBjWrwhDgiv6d8Inwos3qL25FZ1lVriHC+3+0sJv6bnNPwfbOJGoyzAYxV6uolo JeIN/kKAMZ8KI0RmIM9rpl6P6f//RJhdmR/ySMlOwHl/Erqfh8o6bZfDHMVd89BT z5JryacDUL3w5OlUuKVmlf8A5Gw+m8nKPD8hrdkqTrwDVRedDo5J7z7NP0LOnhA= =6ZPy -----END PGP SIGNATURE----- Aleisha (2): Bug 14360: Unescaped variable causes alert Bug 14360: Unescaped variable causes alert pop-up Bernardo Gonzalez Kriegel (1): Translation updates for Koha 3.14.16 release Chris (7): Bug 14408: Path Traversal error Bug 14423 : XSS in authorities-home Bug 14423 : XSS bug in lateorders Bug 14423 XSS bug in auth_subfields_structure Bug 14423 : XSS bugs in catalogue search Bug 14423 : Multiple XSS vulnerabilities in serials-search Bug 14423 : Multiple XSS bugs in suggestion.pl Chris Cormack (4): Bug 14416: Stored XSS vulnerability Bug 14412: SQL injection possible Bug 14418: XSS Vulnerabilities in OPAC search Bug 14418: More XSS vulnerabilities in opac-shelves.pl Fridolin Somers (8): Bug 14408: Allow tmpl and empty in template paths Revert "Bug 14408: Allow tmpl and empty in template paths" Revert "Bug 14408: Allow integers in template paths" Revert "Bug 14408: Add tests to get_template_and_user" Revert "Bug 14408: Path Traversal error" Update release notes for 3.14.16 release Merge remote-tracking branch 'translator/3.14.16' into 3.14.x Increment version for 3.14.16 release Jonathan Druart (7): Bug 14416: (follow-up) opac addbybilionumber Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet) Bug 14408: Add tests to get_template_and_user Bug 14408: Allow integers in template paths Bug 14426: Escape or use placeholders for sql parameters Bug 14408 Path traversal vulnerability Bug 14408: Add tests to get_template_and_user Martin Renvoize (2): Bug 13521: Removed superflous semicolon Bug 13521: Add missing semicolon Mason James (1): Bug 12954: Failed login should retain anonymous session (3.16.x) ----------------------------------------------------------------------- hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 23 23:32:14 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 21:32:14 +0000 Subject: [koha-commits] main Koha release repository branch 3.18.x updated. v3.18.08-3-g0078711 Message-ID: <E1Z7Vni-00086t-6P@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.18.x has been updated via 00787111f6eb44169d91240bbad2d3eedd3a31a9 (commit) from c4d16bba029e3065a763d093cf8614bea5d849ed (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 00787111f6eb44169d91240bbad2d3eedd3a31a9 Author: Liz Rea <wizzyrea at gmail.com> Date: Wed Jun 24 09:28:32 2015 +1200 Update release number in updatedatabase Typo. ----------------------------------------------------------------------- Summary of changes: installer/data/mysql/updatedatabase.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 24 00:07:57 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 22:07:57 +0000 Subject: [koha-commits] main Koha release repository branch 3.18.x updated. v3.18.08-4-g0580342 Message-ID: <E1Z7WMH-0008MA-OP@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.18.x has been updated via 0580342093946f59e8f0f1320f136ad085abe305 (commit) from 00787111f6eb44169d91240bbad2d3eedd3a31a9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 0580342093946f59e8f0f1320f136ad085abe305 Author: Liz Rea <wizzyrea at gmail.com> Date: Wed Jun 24 10:10:18 2015 +1200 Bug 14408 & 14439 - typo fixes for regexes ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 24 00:49:02 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 22:49:02 +0000 Subject: [koha-commits] main Koha release repository annotated tag v3.18.08 deleted. v3.18.07-64-ge4ec3ed Message-ID: <E1Z7X02-0000OT-67@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The annotated tag, v3.18.08 has been deleted was 77c566779d144dad4e04bf39436cd3c432b5a7fd - Log ----------------------------------------------------------------- ----------------------------------------------------------------------- hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 24 00:49:13 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Tue, 23 Jun 2015 22:49:13 +0000 Subject: [koha-commits] main Koha release repository annotated tag v3.18.08 created. v3.18.08 Message-ID: <E1Z7X0D-0000PO-A4@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The annotated tag, v3.18.08 has been created at 28bdb432d30e1e607eaa48c3f9346c1e111b6c8e (tag) tagging 0580342093946f59e8f0f1320f136ad085abe305 (commit) replaces v3.18.07 tagged by Liz Rea on Wed Jun 24 10:49:40 2015 +1200 - Log ----------------------------------------------------------------- Koha release 3.18.08 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJVieKEAAoJEBuNTiU1Z9kHiBAP/1trOOzroxr2fID3is9e1357 09rMz/Ill4FEgnVWideLZwRniRnluJLP64C+a33tBObgGsPln8KZsOmSq5B/E6iq 4S8LnKrGOQpc6qQGtS+zwHNeKtWMmNMl0vaeKtHLeScHcLpvejVDv0T99FRu2Hsi vDfcCG2avEKwB2LzyjUEyej2ii0Nm+zsUZEsaNTJtfhBXvKlLHIgzHqEHaoexlhL 4JznG/jqaccNMIfm8pGVKGyKj4jrv71H2nnl+eSEA3S+iDsKNXa8OBuOHZfmI0AA +lTuSn56G73aJ3mIdFacCZknZIDtcUSrYPLrirZ1A91vs7AT8rr6qDZXkyt3/0Ni CszjFIZGOvp37LsDFzb2fl6Z4jSPUJuaZ0ILrT6QfJbGaE0N9G9NvBSYCs62r4WC GnuBzomlJGCiTfTsZk1tFJcOk+EFXSJPJmrOaXUGo10GEmhEYKt4QPU0pt0crKKD KFEfGqU/ISGS7AvVm/ua5cVFeg+fopRjZFBWyUWUsvrM/Cv0MiyyVBa6mNtT60fM 47HgMnKQP6SlGTK8EyuPPGmT5nz/FXhhuO4TUw/hwJqNWQijmhUbP2Org/87IrI9 nLDxf+CLJwFe516Bz8gghf2ByjKtnoUJ7h4yQcxmmaAOr0l/MKJBgm3yVVD8aqoR JhSwmHTFetm9/JwOU6rV =xGRV -----END PGP SIGNATURE----- Aleisha (5): Bug 14186: Undefined $reservedfor causes warn in opac-reserve.pl Bug 14185: Undefined $limit causes warn in opac/opac-readingrecord.pl Bug 14184: Undefined $term causes noisy warns in C4/CourseReserves.pm Bug 14360: Unescaped variable causes alert Bug 14360: Unescaped variable causes alert pop-up Bernardo Gonzalez Kriegel (5): Bug 14275: Remove CGI::scrolling_list from guided_reports.pl Bug 14279: Remove CGI::scrolling_list from issues_avg_stats.pl Bug 14285: Bengali locale needs to be re-defined Bug 14173: Paging on 'recent comments' page in OPAC is not displaying correctly Translation updates for Koha 3.18.08 release Chris (8): Bug 14408 Path Traversal error Bug 14423 : XSS in authorities-home Bug 14423 : XSS bug in lateorders Bug 14423 XSS bug in auth_subfields_structure Bug 14423 : XSS issues in marc_subfields_structure Bug 14423 : XSS bugs in catalogue search Bug 14423 : Multiple XSS vulnerabilities in serials-search Bug 14423 : Multiple XSS bugs in suggestion.pl Chris Cormack (4): Bug 14412 : SQL injection possible Bug 14418 XSS Vulnerabilities Bug 14418 : XSS flaw in opac-shelves.pl Bug 14418 : More XSS vulnerabilities in opac-shelves.pl David Cook (2): Bug 14266: Replace trim() with $.trim() in opac-shareshelf.tt Bug 14265 - Use $.trim instead of trim() in admin/categorie.tt Dobrica Pavlinusic (1): Bug 13815 - plack loose CGI qw(-utf8) flag creating incorrect utf-8 encoding everywhere Indranil Das Gupta (4): Bug 14186 [QA Followup]: Undefined $reservedfor causes warn in opac-reserve.pl Bug 14203: Message for non-existent lang removal Bug 14206: Adds delete function for non email templates Bug 14206: Adds test for getletter() call from overdue_notices.pl Jonathan Druart (7): Bug 14266: Trim the email address in the pl script Bug 11790: Remove dependency C4::Context from C4::Charset Bug 10355: paramater 'object' lost on the road Bug 13265: Use sessionStorage to store searches instead of cookies Bug 11941: Add link to patron lists from the patron home page Bug 14408 Path traversal vulnerability Bug 14426: Escape or use placeholders for sql parameters Katrin Fischer (3): Bug 14130: Update columns.def Bug 13946: Change order status 'Pending' to 'Ordered' Bug 14350: Missing statement in kohastructure.sql - DROP TABLE IF EXISTS borrower_sync Kyle M Hall (3): Bug 12066: New renew page in staff client doesn't record branch in statistics Bug 14299: Today's checkouts not always sorting correctly Bug 14338: Unable to delete patron images Liz Rea (11): Revert "Bug 14112: Silence warnings in t/Charset.t" Updating database to version 3.18.07.001 Revert "Bug 14408 Path traversal vulnerability" Bug 14423 - tab characters in auth_subfields_structure Update release notes for 3.18.8 release Increment version for 3.18.8 release Merge branch 'security-3.18.x' into rmaint-3.18.x Revert "Bug 13815 - plack loose CGI qw(-utf8) flag creating incorrect utf-8 encoding everywhere" Minor release note update Update release number in updatedatabase Bug 14408 & 14439 - typo fixes for regexes Magnus Enger (1): Bug 14025: Fix 865u-links in the OPAC for NORMARC Marc V?ron (2): Bug 11929: patron modification error shows borrowernumber Bug 14314: System Preferences: Better explanation for syspref 'ShowReviewerPhoto' Marcel de Rooy (4): Bug 14276: Keep highlight on the active item in item editor Bug 14327: Fix js error "TypeError: events is null" in additem.js Bug 14329: Useless copy/pasta from Template::Plugin::HtmlToText Bug 14330: Remove unused email_sender from sendbasket/sendshelf Mark Tompsett (3): Bug 14112: Silence warnings in t/Charset.t Bug 14112: Silence warnings in t/Charset.t Bug 10625: Inventory/Stocktaking tool cannot handle windows file uploads Robin Sheat (2): Bug 14106: fill up the zebra config with a list of modulePaths Bug 14106: patch existing zebra configs with new modulePath Tomas Cohen Arazi (2): Bug 14106: (QA followup) avoid failures if no instances created Bug 14344: uninitialized value warning C4/Utils/DataTables/Members.pm Zeno Tajoli (1): Bug 14047: Order z39.50 biblioservers in cataloguing ----------------------------------------------------------------------- hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 24 10:41:30 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Wed, 24 Jun 2015 08:41:30 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-1-gdd5cf24 Message-ID: <E1Z7gFO-0006do-3a@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via dd5cf241cb9f867d9c85e6e40685f2ccd9ff5e3d (commit) from 2e22ae198cf5867ed4bcb96539cebcaf9085b334 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dd5cf241cb9f867d9c85e6e40685f2ccd9ff5e3d Author: Liz Rea <liz at catalyst.net.nz> Date: Wed Jun 24 11:20:58 2015 +1200 bug 14440 - work around for empty tt filenames This is a work around for the bug of not accepting empty template names. To test: Make sure all of these functions still work. Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> ----------------------------------------------------------------------- Summary of changes: acqui/updatesupplier.pl | 2 +- opac/opac-ratings.pl | 2 +- tools/quotes/quotes-upload_ajax.pl | 2 +- tools/quotes/quotes_ajax.pl | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 24 16:30:37 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Wed, 24 Jun 2015 14:30:37 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-243-gbf9bff8 Message-ID: <E1Z7lhF-0000E0-MA@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via bf9bff898f583c90714e9dc98e28bffd8cc24b2b (commit) via f900ea03bf15746bd2c310b59f2fb06972f6bdee (commit) via cbf3c9aa40c13f15a704945f7d6ceaf3aab4b3f0 (commit) via cb44a8de3a6fbe7ecf2d349a6cab44ace0dc7165 (commit) via d27af7a3c5ac95ad12fe99436d71336adbba9fad (commit) via 7e449548e8646dfd70f53119096b70a3dbd8477e (commit) via 3a179e7a2bbf09b887518e90a4d1e324bfc2e6b3 (commit) via c446a4da4e709ba1f848092fa06f6d21fff157eb (commit) via abbd51fb004b853ea7cd0cd86dbccbbd9ffb706d (commit) via 8da9d099c6a3455edd3c0aee2253b68050d3c596 (commit) via a2478a708ba72893d435365a5f00025e709d495f (commit) via 36e68aaaa989b913d0007740b6fa2162b223ace5 (commit) via 2845fb2423a24b2adde52a421f7a9e5d99bc36f7 (commit) from cad134cd172c50dd55bf11696d69460bc2bf547d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bf9bff898f583c90714e9dc98e28bffd8cc24b2b Author: Lyon3 Team <koha at univ-lyon3.fr> Date: Tue Feb 24 15:50:49 2015 +0100 Bug 12074: Filter duplicates when adding a batch from a staged file When adding a batch of records to a basket, duplicates are skipped and an alert is displayed with a link to them so as they could be treated individually. Test plan : You need the 2 test attached files TestFile1.mrc and TestFile2.elc (TestFile1 includes only the title "Amilec ou La graine d'hommes" that is also included in TestFile2) 1) go to ?Stage MARC records for import? page, upload TestFile1 and stage it (select iso 5426 encoding). 2) Manage staged record and import the batch. 3) Make sure that the new record is indexed (depending to your indexing system and test platform). 4) Go back to go to ?Stage MARC records for import? page upload TestFile2 and stage it (select iso 5426 encoding). 5) Go to acquisitions module and create a new basket. 6) From your basket, in the ?Add order to basket block? choose 'From a staged file'. 7) Then click File2 (?addorder button'). 8) Go down the "Import all" block and save. 9) You are redirected to the basket page : a warning is displayed to tell you that some duplicates have been found and skipped. There's a link on the warning throughout you can go back to the list of remaining records and treat them individually if necesary. 10) Click the link : you fall upon the title of TestFile1 (of course as it's a duplicate). 11) Check that the imported records have been indexed. 11) Go down the "Import all" block and save. 12) A warning is displayed saying that no records have been imported because they all match an existing record. The ?Import all? block is not any more visible. Signed-off-by: JA <aloi54 at live.fr> Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit f900ea03bf15746bd2c310b59f2fb06972f6bdee Author: Liz <wizzyrea at gmail.com> Date: Wed Jun 24 09:52:05 2015 +0000 Bug 14450: itemsearch no longer working To test: Click Advanced search in staff client Click the link for "Go to Item Search" at the top of the page Do a search, you should get results. Try some combinations and make sure it works like it should. Signed-off-by: Jacek Ablewicz <abl at biblos.pk.edu.pl> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit cbf3c9aa40c13f15a704945f7d6ceaf3aab4b3f0 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Tue Jun 23 16:10:22 2015 +0200 Bug 14439: Add test - template path should finish by .tt Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit cb44a8de3a6fbe7ecf2d349a6cab44ace0dc7165 Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 15:50:39 2015 +0200 Bug 14439: Typo in Bug 14408 regexp In Bug 14408 first patch, the regexp used needs an escape on dot and does not need an ending "?" Test plan : - prove t/db_dependent/Auth.t Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit d27af7a3c5ac95ad12fe99436d71336adbba9fad Author: Tomas Cohen Arazi <tomascohen at theke.io> Date: Wed Jun 24 10:34:51 2015 -0300 Bug 14252: DBRev 3.21.00.011 Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 7e449548e8646dfd70f53119096b70a3dbd8477e Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Thu Jun 4 16:02:19 2015 +0200 Bug 14252: Add sort by rfc4646_subtag in footer This patch sort by rfc4646_subtag the languages in the footer. Same as in the header. Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 3a179e7a2bbf09b887518e90a4d1e324bfc2e6b3 Author: Indranil Das Gupta <indradg at gmail.com> Date: Mon Jun 1 19:22:29 2015 +0530 Bug 14252: (followup) addresses the QA Manager comments Addresses Katrin's comments in comment# 56 TEST PLAN --------- 1) Back up your DB 2) Ensure you have multiple languages, including some that have sub-languages (e.g. de-DE, de-CH) -- cd misc/translator -- perl translate install {language code} 3) Ensure that you have all the languages enabled -- Staff client -> Home -> Global system preferences --> I18N/L10N Check all the languages in opaclanguages. Ensure that opaclanguagesdisplay is 'Allow' 4) Open OPAC -- should only have languages in footer. Annoyingly below the fold. 5) Drop your koha database, and create a blank one. 6) Apply all patches 7) Reinstall all the known languages, so the templates are appropriately updated. 8) Go to staff client and do an install of koha, with all the dummy data. 9) Ensure you have all the languages enabled (see (3)) 10) Refresh your OPAC page -- language selector position should be in both the footer and at the top as expected. -- this confirms the sysprefs.sql change. 11) Restore your DB 12) run the updatedatabase.pl script 13) Ensure you have all the languages enabled (see (3)) 14) Refresh the OPAC page -- should still only have languages in the footer. -- this confirms that upgrade won't change anything. -- this confirms the atomic update. 15) git diff origin/master -- the opac-bottom.inc difference should only have changes around a SET, IF, and END. This confirms the noprint was fixed. 16) In the staff client, change the OPAC system preference, OpacLangSelectorMode, to all three values. For each value, refresh the OPAC page, and confirm the position of the language selector. -- should work as expected. 17) run koha qa test tools NOTE: Tested as a single batch together. Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit c446a4da4e709ba1f848092fa06f6d21fff157eb Author: Mark Tompsett <mtompset at hotmail.com> Date: Sun May 31 23:16:17 2015 -0400 Bug 14252: Follow up noprint and default values TEST PLAN --------- 0) Back up your DB 1) open OPAC -- should only have languages in footer. Annoyingly below the fold. 2) Drop your koha database, and create a blank one. 3) Apply all patches 4) Go to staff client and do an install of koha, with all the dummy data. 5) Once installed, refresh your OPAC page -- language selector position should be in footer still as expected. -- this confirms the sysprefs.sql change. 6) Restore your DB 7) run the updatedatabase.pl script 8) Refresh the OPAC page -- should still only have languages in the footer. -- this confirms that upgrade won't change anything. -- this confirms the atomic update. 9) git diff origin/master -- the opac-bottom.inc difference should only have changes around a SET, IF, and END. This confirms the noprint was fixed. 10) In the staff client, change the OPAC system preference, OpacLangSelectorMode, to all three values. For each value, refresh the OPAC page, and confirm the position of the language selector. -- should work as expected. 11) run koha qa test tools Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit abbd51fb004b853ea7cd0cd86dbccbbd9ffb706d Author: Indranil Das Gupta <indradg at gmail.com> Date: Mon Jun 1 05:46:30 2015 +0530 Bug 14252: (fix) address the indentation for the lang loop tidy the indentation for that lang selector loop code. Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 8da9d099c6a3455edd3c0aee2253b68050d3c596 Author: Indranil Das Gupta <indradg at gmail.com> Date: Mon Jun 1 05:26:31 2015 +0530 Bug 14252: (Followup) Fixed issues pointed to in comment #40 Based on Mark's inputs in comment #40 - [1] selected 'mast' (short of 'masthead') and updated : (a) bug_14252-OpacLangSelectorMode_syspref.sql (b) sysprefs.sql (c) opac.pref [2] Reduced the calls to Koha.Preference() from : (a) masthead.inc (b) opac-bottom.inc After applying this patch, update the database once for it to pick up the new option values -'both|mast|foot'. Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit a2478a708ba72893d435365a5f00025e709d495f Author: Indranil Das Gupta <indradg at gmail.com> Date: Thu May 28 04:18:44 2015 +0530 Bug 14252: (followup) Adds OpacLangSelectorMode syspref Based on discussion, this followup does the following: 1/ brings back the switcher on opac-bottom.inc 2/ adds a syspref OpacLangSelectorMode to toggle between the three modes: (a) show switcher both on masthead and footer (default) (b) footer only (b) masthead only Test plan ========= 1/ apply earlier patches attached to this bug in their correct order 2/ apply this followup patch 3/ run updatedatabase.pl to add in the atomic update 4/ goto admin/preferences.pl?tab=opac 5/ look up OpacLangSelectorMode, it should be set with default value "both masthead and footer" 6/ check OPAC to see if both locations show the selectors 7/ change OpacLangSelectorMode to 'only header' and 'only footer' at each iteration, and check if the selection has correctly toggled the selectors. It should Note: make sure you do not have the patch 11057 applied on the branch from before, otherwise merge conflict might happen. http://bugs.koha-community.org/show_bug.cgi?id=14252 Followed test plan. Works as expected. Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 36e68aaaa989b913d0007740b6fa2162b223ace5 Author: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Date: Sat May 23 14:40:52 2015 -0300 Bug 14252: (followup) fix lang chooser for sublanguages This quick fix disables sublanguages dropdown, show all sublanguages on same level. To test: 1) Apply both patches 2) Translate to have sublanguages (en-NZ, de-DE, de-CH) 3) Go to opac, confirm you can select any lang/sublang 4) Check on movil device 4th version. Removed rfc4646 subtag on sublanguages, think it's cleaner. Currently on master all translated languages/regions have valid description ('en' at least) Added language sort using rfc4646 subtag Signed-off-by: Indranil Das Gupta <indradg at gmail.com> Followup fixes the issue with lang group dropdowns. Works well across standard desktop as well as mobile device with small screens (checked on 4.3" / 4.7" / 5") Works as expected. Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 2845fb2423a24b2adde52a421f7a9e5d99bc36f7 Author: Indranil Das Gupta <indradg at gmail.com> Date: Sat May 23 03:11:48 2015 +0530 Bug 14252: Move OPAC lang switcher to masthead navbar The OPAC language switcher takes up a lot of space at the bottom of the browser. It also has issues of being not always visible. This patch adds the switcher to the masthead navbar and removes from the opac-bottom.inc navbar. Test plan ========= 1/ Apply patch 2/ Set opaclanguagesdisplay syspref to 'show'. 3/ Add a few languages i.e. es-ES, fr-FR and de-DE $ cd misc/translator $ perl translate <langcode> 4/ Enable installed languages for OPAC use by checking on 'opaclanguages' under I18N/L10N sysprefs 5/ Go to the OPAC, you should have a "Languages" dropdown on the masthead navbar, the opac-bottom.inc navbar should no longer be there. Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Works, no koha-qa errors. Followup fix language chooser for sublanguages Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 2 +- Koha.pm | 2 +- acqui/addorderiso2709.pl | 12 ++++++- acqui/basket.pl | 2 ++ catalogue/itemsearch.pl | 4 +-- installer/data/mysql/sysprefs.sql | 1 + installer/data/mysql/updatedatabase.pl | 10 ++++++ .../prog/en/modules/acqui/addorderiso2709.tt | 6 ++++ .../intranet-tmpl/prog/en/modules/acqui/basket.tt | 4 +++ .../prog/en/modules/admin/preferences/opac.pref | 7 ++++ .../{itemsearch.csv.tt => itemsearch_csv.tt} | 0 .../{itemsearch.json.tt => itemsearch_json.tt} | 0 .../opac-tmpl/bootstrap/en/includes/masthead.inc | 37 ++++++++++++++++++++ .../bootstrap/en/includes/opac-bottom.inc | 6 ++-- t/db_dependent/Auth.t | 3 +- 15 files changed, 88 insertions(+), 8 deletions(-) rename koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/{itemsearch.csv.tt => itemsearch_csv.tt} (100%) rename koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/{itemsearch.json.tt => itemsearch_json.tt} (100%) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 24 19:55:39 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Wed, 24 Jun 2015 17:55:39 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-251-g186b635 Message-ID: <E1Z7otf-0001JS-51@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 186b635a75c4e67b20d6fd80d9fee3a8cb3cd2cb (commit) via 0b0699bdfb8d53d7a44253090cf661405a97cf9c (commit) via fdbd5ebabeb6d20caad10c8b49ff7258f8fb85cb (commit) via 0ae0d37f7b3c8eb4e7b8e484a28b45c22b8dc03a (commit) via 1bb828f61eab47393d7279c5a2c3068d543a2aba (commit) via 7ae328cb6fb7b70a04d90eca1c9d0a40df4f726f (commit) via cff47199c4f21b6c4747ed225aa738eefbfc3024 (commit) via 734a6805c8fa97e4f029c1f848135703f9b91ad6 (commit) from bf9bff898f583c90714e9dc98e28bffd8cc24b2b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 186b635a75c4e67b20d6fd80d9fee3a8cb3cd2cb Author: Tomas Cohen Arazi <tomascohen at theke.io> Date: Wed Jun 24 14:54:36 2015 -0300 Bug 13014: (QA followup) have new warnings tested Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 0b0699bdfb8d53d7a44253090cf661405a97cf9c Author: Tomas Cohen Arazi <tomascohen at theke.io> Date: Wed Jun 24 14:40:01 2015 -0300 Bug 13014: DBRev 3.21.00.012 Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit fdbd5ebabeb6d20caad10c8b49ff7258f8fb85cb Author: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Date: Fri Apr 17 11:48:02 2015 +0200 Bug 13014: [QA Follow-up] Few typos in cronjob Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> commit 0ae0d37f7b3c8eb4e7b8e484a28b45c22b8dc03a Author: Jonathan Druart <jonathan.druart at biblibre.com> Date: Thu Nov 6 10:21:48 2014 +0100 Bug 13014: (follow-up 2) Notify budget owner on new suggestion - sample notices This patch updates the 2 optional sample_notices.sql files for ru-RU and uk-UA. Not sure if it is relevant but I don't understand why they are not up-to-date. Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com> Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Checked by running them manually. English installs 27, Russian 27 and Ukrainian 26. Last language can be updated somewhere else. commit 1bb828f61eab47393d7279c5a2c3068d543a2aba Author: Jonathan Druart <jonathan.druart at biblibre.com> Date: Thu Nov 6 10:21:01 2014 +0100 Bug 13014: (follow-up) Notify budget owner on new suggestion - sample notices This patch adds the new notice for all other languages. Signed-off-by: Jonathan Druart <jonathan.druart at biblibre.com> Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> commit 7ae328cb6fb7b70a04d90eca1c9d0a40df4f726f Author: Jonathan Druart <jonathan.druart at biblibre.com> Date: Tue Sep 30 16:59:50 2014 +0200 Bug 13014: Notify budget owner on new suggestion - cronjob Test plan: 0/ Create a new notice suggestions > TO_PROCESS You can use the one defined in the other patch. 1/ Create a suggestion and link it to a fund 2/ Add a owner to this fund and make sure this patron has an email address (the email address used should be the one defined in the AutoEmailPrimaryAddress syspref). 3/ Execute the cronjob script with the -v and without the -c argument 4/ The output should tell you that an email will be sent 5/ Execute the cronjob script with the -v and with the -c argument 6/ Verify the notice is generated in the message_queue table and it is correctly formatted. Signed-off-by: Frederic Demians <f.demians at tamil.fr> Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> commit cff47199c4f21b6c4747ed225aa738eefbfc3024 Author: Jonathan Druart <jonathan.druart at biblibre.com> Date: Tue Sep 30 16:58:48 2014 +0200 Bug 13014: Notify budget owner on new suggestion - sample notices This patch add the new notice suggestion > TO_PROCESS Others will be added when the patch will be signed off. Signed-off-by: Frederic Demians <f.demians at tamil.fr> Followup expected :-) It would be nice also to have an updatabase.pl entry to insert the new TO_PROCESS notification. Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> commit 734a6805c8fa97e4f029c1f848135703f9b91ad6 Author: Jonathan Druart <jonathan.druart at biblibre.com> Date: Tue Sep 30 16:56:46 2014 +0200 Bug 13014: Notify budget owner on new suggestion - UT When a suggestion is created and linked to a fund, a mail will be generated, using a cronjob, to notify the budget owner. A suggestion is considered as "can be treated" if its status is "ASKED". Signed-off-by: Frederic Demians <f.demians at tamil.fr> Signed-off-by: Marcel de Rooy <m.de.rooy at rijksmuseum.nl> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> ----------------------------------------------------------------------- Summary of changes: C4/Suggestions.pm | 18 +++ Koha.pm | 2 +- .../data/mysql/de-DE/mandatory/sample_notices.sql | 1 + .../data/mysql/en/mandatory/sample_notices.sql | 3 +- .../data/mysql/es-ES/mandatory/sample_notices.sql | 2 + .../mysql/fr-FR/1-Obligatoire/sample_notices.sql | 2 + installer/data/mysql/it-IT/necessari/notices.sql | 1 + .../mysql/nb-NO/1-Obligatorisk/sample_notices.sql | 1 + .../data/mysql/pl-PL/mandatory/sample_notices.sql | 2 + .../data/mysql/ru-RU/mandatory/sample_notices.sql | 1 + .../data/mysql/ru-RU/optional/sample_notices.sql | 37 ++++-- .../data/mysql/uk-UA/mandatory/sample_notices.sql | 1 + .../data/mysql/uk-UA/optional/sample_notices.sql | 35 +++-- installer/data/mysql/updatedatabase.pl | 12 ++ misc/cronjobs/notice_unprocessed_suggestions.pl | 139 ++++++++++++++++++++ t/db_dependent/Suggestions.t | 40 +++++- 16 files changed, 269 insertions(+), 28 deletions(-) create mode 100755 misc/cronjobs/notice_unprocessed_suggestions.pl hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Wed Jun 24 21:17:03 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Wed, 24 Jun 2015 19:17:03 +0000 Subject: [koha-commits] main Koha release repository branch 3.16.x updated. v3.16.12-7-g04d1d37 Message-ID: <E1Z7qAR-0001mR-Oe@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.16.x has been updated via 04d1d375b1a6c9fa40d5df9559d6bd72ccf7d44d (commit) via f7912f86edfae2bbf55f60cb99388113baa2752e (commit) via 5aaa108274712440c98b92efdbad8657dccfad24 (commit) via 9d7b5b843943b87d52c1cdd1e39da7afff5d4982 (commit) via 9c01b36a1f38185184bfaa502f04c2e3ec63022e (commit) via 12f30f80689ad255299faf666ac98f814e98c5a6 (commit) from e89101271ac63d4c2d86474e0a7640b34f0e85b7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 04d1d375b1a6c9fa40d5df9559d6bd72ccf7d44d Author: Mason James <mtj at kohaaloha.com> Date: Thu Jun 25 06:38:30 2015 +1200 Bug 14408 (3.16/3.14) regex fix for .tmpl files too commit f7912f86edfae2bbf55f60cb99388113baa2752e Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Mon Jun 22 10:24:51 2015 +0200 Bug 14408: Allow integers in template paths Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> commit 5aaa108274712440c98b92efdbad8657dccfad24 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 10:25:30 2015 +0200 Bug 14408: Add tests to get_template_and_user Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Mason James <mtj at kohaaloha.com> commit 9d7b5b843943b87d52c1cdd1e39da7afff5d4982 Author: Chris <chris at bigballofwax.co.nz> Date: Mon Jun 22 05:23:52 2015 +0000 Bug 14408 Path Traversal error Counter counter patch Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt and not allowing ../etc Note the previous patch tries to protect against /etc/passwd but //etc/passwd is now vulnerable. I do think a whitelist is safer than trying to do a blacklist /cgi-bin/koha/svc/virtualshelves/search /cgi-bin/koha/svc/members/search Are vulnerable To test: 1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt Notice you get a valid JSON response 2/ Hit /search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd (You may have add more ..%2f or remove them to get the correct path) Notice you can see the contents of the /etc/passwd file 3/ Hit /cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4/ Apply patch 5/ Hit the first url again, notice it still works 6/ Hit the second url notice it now errors with a file not found 7/ Hit the third url notice it now errors with a file not found Repeat for the other script also Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Mason James <mtj at kohaaloha.com> commit 9c01b36a1f38185184bfaa502f04c2e3ec63022e Author: Mason James <mtj at kohaaloha.com> Date: Thu Jun 25 05:05:33 2015 +1200 Revert "Bug 14408 Path traversal vulnerability" This reverts commit 0b7647eff31c85d8f7e1e5a50fd82d3b94eec816. commit 12f30f80689ad255299faf666ac98f814e98c5a6 Author: Mason James <mtj at kohaaloha.com> Date: Thu Jun 25 05:05:14 2015 +1200 Revert "Bug 14408: Add tests to get_template_and_user" This reverts commit e8a3febfe7050870116db0512e1a39690a72346c. ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 6 +++--- t/db_dependent/Auth.t | 38 +++++++++++++++++++++++++------------- 2 files changed, 28 insertions(+), 16 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 25 09:50:28 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 25 Jun 2015 07:50:28 +0000 Subject: [koha-commits] main Koha release repository branch 3.14.x updated. v3.14.16-6-gdefbfa2 Message-ID: <E1Z81vY-00008Y-Ik@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.14.x has been updated via defbfa29079e30a30544b1439f4e49fed98bd32c (commit) via c3d5ded6ec06f3f2f7de8bec8850ce5a78774c54 (commit) via d7fc8ddc4626824b0cebfc0734bcc600cc3a9d8b (commit) via e6835bc1fd9785bf8ed8121aefaffbf9aa3e9e85 (commit) via 789593dcbc1664a65d5b4a5e889747ea6834e815 (commit) via e52c242486f9e25b0b40e7f96198ca1c9fdb0c3b (commit) from c95b80d5d9718df73f6474be0a8657eae8450de9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit defbfa29079e30a30544b1439f4e49fed98bd32c Author: Mason James <mtj at kohaaloha.com> Date: Thu Jun 25 06:38:30 2015 +1200 Bug 14408 (3.16/3.14) regex fix for .tmpl files too (cherry picked from commit 04d1d375b1a6c9fa40d5df9559d6bd72ccf7d44d) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit c3d5ded6ec06f3f2f7de8bec8850ce5a78774c54 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Mon Jun 22 10:24:51 2015 +0200 Bug 14408: Allow integers in template paths Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> (cherry picked from commit f7912f86edfae2bbf55f60cb99388113baa2752e) Conflicts: C4/Auth.pm commit d7fc8ddc4626824b0cebfc0734bcc600cc3a9d8b Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Fri Jun 19 10:25:30 2015 +0200 Bug 14408: Add tests to get_template_and_user Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Mason James <mtj at kohaaloha.com> (cherry picked from commit 5aaa108274712440c98b92efdbad8657dccfad24) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> commit e6835bc1fd9785bf8ed8121aefaffbf9aa3e9e85 Author: Chris <chris at bigballofwax.co.nz> Date: Mon Jun 22 05:23:52 2015 +0000 Bug 14408 Path Traversal error Counter counter patch Please test well, including with the null byte %00, this uses a whitelisting to only allow files ending with .tt and not allowing ../etc Note the previous patch tries to protect against /etc/passwd but //etc/passwd is now vulnerable. I do think a whitelist is safer than trying to do a blacklist /cgi-bin/koha/svc/virtualshelves/search /cgi-bin/koha/svc/members/search Are vulnerable To test: 1/ Hit /cgi-bin/koha/svc/members/search?template_path=members/tables/members_results.tt Notice you get a valid JSON response 2/ Hit /search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd (You may have add more ..%2f or remove them to get the correct path) Notice you can see the contents of the /etc/passwd file 3/ Hit /cgi-bin/koha/svc/members/search?template_path=test%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd 4/ Apply patch 5/ Hit the first url again, notice it still works 6/ Hit the second url notice it now errors with a file not found 7/ Hit the third url notice it now errors with a file not found Repeat for the other script also Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Mason James <mtj at kohaaloha.com> (cherry picked from commit 9d7b5b843943b87d52c1cdd1e39da7afff5d4982) Signed-off-by: Fridolin Somers <fridolin.somers at biblibre.com> Conflicts: C4/Auth.pm commit 789593dcbc1664a65d5b4a5e889747ea6834e815 Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Thu Jun 25 09:35:39 2015 +0200 Revert "Bug 14408 Path traversal vulnerability" This reverts commit 7c6ec195181b5cea3f108285f16afb1cd1654783. commit e52c242486f9e25b0b40e7f96198ca1c9fdb0c3b Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Thu Jun 25 09:35:37 2015 +0200 Revert "Bug 14408: Add tests to get_template_and_user" This reverts commit 6977b5b27fc2cc6d04fbbc71ec171a23f5e71f94. ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 5 ++--- t/db_dependent/Auth.t | 38 +++++++++++++++++++++++++------------- 2 files changed, 27 insertions(+), 16 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 25 19:47:42 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 25 Jun 2015 17:47:42 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-256-gf194bca Message-ID: <E1Z8BFW-0005EJ-F7@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via f194bca26891a338761f5a4041b0886f87631e27 (commit) via 69baa022a587ffd9df2bc065a0e8e72c14cf7c4f (commit) via 08871a324fa731ffdbbe87afde1ee145c604a22b (commit) via f1acb5615d0cbcba5db5b84e12fbad3d41454347 (commit) via 015c26a5e36dae5070eab57f400237715d93ae44 (commit) from 186b635a75c4e67b20d6fd80d9fee3a8cb3cd2cb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f194bca26891a338761f5a4041b0886f87631e27 Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Tue Jun 16 19:25:58 2015 +0200 Bug 14002: Display readonly values as plain text There is no need to display the cardnumber and expiration date values in a disabled input. Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> commit 69baa022a587ffd9df2bc065a0e8e72c14cf7c4f Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Wed Jun 10 00:52:39 2015 +0200 Bug 14002: Show patron expiry date in OPAC This patch makes it possible to show the expiration date of a patron account in the OPAC on the details tab in the patron account. Extras: - Makes it possible to hide cardnumber with PatronSelfRegistrationBorrowerUnwantedField To test: - Toggle OPACPatronDetails and test date expiry always shows - Check PatronSelfRegistrationBorrowerUnwantedField for dateexpiry and cardnumber - Verify a patron address modification request still works as expected Signed-off-by: Aleisha <aleishaamohia at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Kyle M Hall <kyle at bywatersolutions.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> commit 08871a324fa731ffdbbe87afde1ee145c604a22b Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Wed Jun 24 11:03:22 2015 +0200 Bug 14440: get_template_and_user can not have an empty template_name (quote*_ajax.pl) This patch uses check_api_auth instead of get_template_and_user. Test plan: Confirm that you are still able to access to the quote editor with the edit_quotes permission. Confirm that you are not if you don't have the permission. wget your_url/cgi-bin/koha/tools/quotes/quotes_ajax.pl should return "403?: Forbidden." Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> commit f1acb5615d0cbcba5db5b84e12fbad3d41454347 Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 17:45:30 2015 +0200 Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl) Since Bug 14408, the method get_template_and_user can not have an empty template_name. Pages calling with an empty value should use C4::Auth::checkauth() This patch corrects opac/opac-ratings.pl Test plan : - Apply patch - Set sysopref OpacStarRatings to 'results and details' - Disable Javascipt on your browser (otherwise it will use ajax) - Login at OPAC - Go to a record - Click on a button left of 'Rate me' to choose a rating, ie 4 - Click on 'Rate me' => The page is reloaded and you see 'your rating: 4' - Loggout from OPAC - Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl => You see the loggin page Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> commit 015c26a5e36dae5070eab57f400237715d93ae44 Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 16:45:21 2015 +0200 Bug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl) Since Bug 14408, the method get_template_and_user can not have an empty template_name. Pages calling with an empty value should use C4::Auth::checkauth() This patch corrects acqui/updatesupplier.pl Test plan : - Apply patch - Connect to intranet with a user having "vendors_manage" permission - Go to acquisition module - Create a new vendor - Click on "Edit vendor" - Change some information and save => Your change is saved - Connect to intranet with a user not having "vendors_manage" permission - Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl => Access is denied - Disconnect from intranet - Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl => Access is denied Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> ----------------------------------------------------------------------- Summary of changes: acqui/updatesupplier.pl | 11 ++-------- .../opac-tmpl/bootstrap/en/modules/opac-detail.tt | 1 - .../bootstrap/en/modules/opac-memberentry.tt | 13 ++++++++++-- opac/opac-ratings.pl | 22 ++++++-------------- tools/quotes/quotes-upload_ajax.pl | 16 ++++++-------- tools/quotes/quotes_ajax.pl | 16 ++++++-------- 6 files changed, 31 insertions(+), 48 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 25 23:02:26 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 25 Jun 2015 21:02:26 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-2-gaf52d82 Message-ID: <E1Z8EHy-0006EM-QW@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via af52d82223bdb75bd38cd91799f61fce880fdd45 (commit) from dd5cf241cb9f867d9c85e6e40685f2ccd9ff5e3d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit af52d82223bdb75bd38cd91799f61fce880fdd45 Author: Liz <wizzyrea at gmail.com> Date: Wed Jun 24 09:52:05 2015 +0000 Bug 14450: itemsearch no longer working To test: Click Advanced search in staff client Click the link for "Go to Item Search" at the top of the page Do a search, you should get results. Try some combinations and make sure it works like it should. Signed-off-by: Jacek Ablewicz <abl at biblos.pk.edu.pl> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> (cherry picked from commit f900ea03bf15746bd2c310b59f2fb06972f6bdee) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> ----------------------------------------------------------------------- Summary of changes: catalogue/itemsearch.pl | 4 ++-- .../en/modules/catalogue/{itemsearch.csv.tt => itemsearch_csv.tt} | 0 .../modules/catalogue/{itemsearch.json.tt => itemsearch_json.tt} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/{itemsearch.csv.tt => itemsearch_csv.tt} (100%) rename koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/{itemsearch.json.tt => itemsearch_json.tt} (100%) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 25 23:06:14 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 25 Jun 2015 21:06:14 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-6-gdd8d7b1 Message-ID: <E1Z8ELe-0006GK-B0@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via dd8d7b1b6fdfb12c1277babd78bc93e01fe7566b (commit) via 3d8af819a84847b35ad08e62ba137d3febd878dd (commit) via 42024a93c8d5074bf287cdf000f2752baefc62b2 (commit) via a5a83285dac791df92e90c1540c36fc3a2a8606a (commit) from af52d82223bdb75bd38cd91799f61fce880fdd45 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit dd8d7b1b6fdfb12c1277babd78bc93e01fe7566b Author: Jonathan Druart <jonathan.druart at koha-community.org> Date: Wed Jun 24 11:03:22 2015 +0200 Bug 14440: get_template_and_user can not have an empty template_name (quote*_ajax.pl) This patch uses check_api_auth instead of get_template_and_user. Test plan: Confirm that you are still able to access to the quote editor with the edit_quotes permission. Confirm that you are not if you don't have the permission. wget your_url/cgi-bin/koha/tools/quotes/quotes_ajax.pl should return "403?: Forbidden." Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 08871a324fa731ffdbbe87afde1ee145c604a22b) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit 3d8af819a84847b35ad08e62ba137d3febd878dd Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 17:45:30 2015 +0200 Bug 14440: get_template_and_user can not have an empty template_name (opac-ratings.pl) Since Bug 14408, the method get_template_and_user can not have an empty template_name. Pages calling with an empty value should use C4::Auth::checkauth() This patch corrects opac/opac-ratings.pl Test plan : - Apply patch - Set sysopref OpacStarRatings to 'results and details' - Disable Javascipt on your browser (otherwise it will use ajax) - Login at OPAC - Go to a record - Click on a button left of 'Rate me' to choose a rating, ie 4 - Click on 'Rate me' => The page is reloaded and you see 'your rating: 4' - Loggout from OPAC - Try to access URL : http://<serveur>/cgi-bin/koha/opac-ratings.pl => You see the loggin page Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit f1acb5615d0cbcba5db5b84e12fbad3d41454347) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit 42024a93c8d5074bf287cdf000f2752baefc62b2 Author: Fridolin Somers <fridolin.somers at biblibre.com> Date: Tue Jun 23 16:45:21 2015 +0200 Bug 14440: get_template_and_user can not have an empty template_name (updatesupplier.pl) Since Bug 14408, the method get_template_and_user can not have an empty template_name. Pages calling with an empty value should use C4::Auth::checkauth() This patch corrects acqui/updatesupplier.pl Test plan : - Apply patch - Connect to intranet with a user having "vendors_manage" permission - Go to acquisition module - Create a new vendor - Click on "Edit vendor" - Change some information and save => Your change is saved - Connect to intranet with a user not having "vendors_manage" permission - Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl => Access is denied - Disconnect from intranet - Try to access <intranet>/cgi-bin/koha/acqui/updatesupplier.pl => Access is denied Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 015c26a5e36dae5070eab57f400237715d93ae44) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit a5a83285dac791df92e90c1540c36fc3a2a8606a Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 26 09:07:58 2015 +1200 Revert "bug 14440 - work around for empty tt filenames" This reverts commit dd5cf241cb9f867d9c85e6e40685f2ccd9ff5e3d. ----------------------------------------------------------------------- Summary of changes: acqui/updatesupplier.pl | 11 ++-------- .../opac-tmpl/bootstrap/en/modules/opac-detail.tt | 1 - opac/opac-ratings.pl | 22 ++++++-------------- tools/quotes/quotes-upload_ajax.pl | 16 ++++++-------- tools/quotes/quotes_ajax.pl | 16 ++++++-------- 5 files changed, 20 insertions(+), 46 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Thu Jun 25 23:13:47 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Thu, 25 Jun 2015 21:13:47 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-9-g2adb868 Message-ID: <E1Z8ESx-0006M7-A4@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 2adb8681f0c2dd8a5ceccca5c06ed88e10c337a9 (commit) via 74df5119fd696a9b42a76b07b8ae4964a3e3fb2f (commit) via 8c39cd1ab0c08f17ff48154208cd3ca97e2f0004 (commit) from dd8d7b1b6fdfb12c1277babd78bc93e01fe7566b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 2adb8681f0c2dd8a5ceccca5c06ed88e10c337a9 Merge: dd8d7b1 74df511 Author: Chris Cormack <chrisc at catalyst.net.nz> Date: Fri Jun 26 09:09:33 2015 +1200 Merge branch '3.20.2' into 3.20.x commit 74df5119fd696a9b42a76b07b8ae4964a3e3fb2f Author: Aleisha <aleishaamohia at hotmail.com> Date: Tue Jun 9 18:20:52 2015 +0000 Bug 11011: Rephrasing 'in keyword' in OPAC authority search Using 'in the complete record' rather than 'in keyword'. I think this fits well as it seems that this means the search looks anywhere in the record. To test: 1) In the OPAC, click on Authority Search 2) Notice that in the drop-down menu for the 'Where:' field, there is an 'in keyword' option. 3) Apply patch 4) Now says 'in the complete record' Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 892d374b64fa4eed98955d75b517702f78f1ca40) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> commit 8c39cd1ab0c08f17ff48154208cd3ca97e2f0004 Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Sun Jun 7 23:45:10 2015 +0200 Bug 8686: Raise required version of URI::Escape to 3.31 Raises the minimum required version of URI::Escape from 1.36 to 3.31. TEST PLAN --------- 1) git branch -b bug_8686 origin/master 2) ./koha_perl_deps.pl -a | grep URI -- it will list 1.36 required 3) git bz apply 8686 4) ./koha_perl_deps.pl -a | grep URI -- it will list 3.31 required 5) koha qa test tools NOTE: Also default in Ubuntu 14.04 LTS, not just Wheezy as noted in comment #15. Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signoff based on Nicole's comment (bug 9990 comment 6): "This stops happening if you upgrade URI::Escape to 3.31. We should make it clear in the Perl Modules page that an upgrade is needed." Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 7c0c92807f49ef61aa975e84cf26d42f7dfa425f) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> ----------------------------------------------------------------------- Summary of changes: C4/Installer/PerlDependencies.pm | 2 +- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-authorities-home.tt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Fri Jun 26 02:59:59 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Fri, 26 Jun 2015 00:59:59 +0000 Subject: [koha-commits] main Koha release repository annotated tag v3.16.12 deleted. v3.16.11-21-g3925084 Message-ID: <E1Z8Hzr-0007nY-C0@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The annotated tag, v3.16.12 has been deleted was 148c2eb1b11f408332523065ad5cc727ada019c8 - Log ----------------------------------------------------------------- 39250849fecdb125c53e4b5424fa70316dce3393 Bumping DB version for 3.16.12 ----------------------------------------------------------------------- hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Fri Jun 26 03:02:44 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Fri, 26 Jun 2015 01:02:44 +0000 Subject: [koha-commits] main Koha release repository annotated tag v3.16.12 created. v3.16.12 Message-ID: <E1Z8I2W-0007pC-4v@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The annotated tag, v3.16.12 has been created at 3780a6605107b887ab8a51ae7bd05c1841f1af52 (tag) tagging 04d1d375b1a6c9fa40d5df9559d6bd72ccf7d44d (commit) replaces v3.16.11 tagged by Mason James on Fri Jun 26 13:04:02 2015 +1200 - Log ----------------------------------------------------------------- Koha Release 3.16.12 Aleisha (2): Bug 14360: Unescaped variable causes alert Bug 14360: Unescaped variable causes alert pop-up Bernardo Gonzalez Kriegel (1): Translation updates for Koha 3.16.12 release Chris (8): Bug 14423 : XSS in authorities-home Bug 14423 : XSS bug in lateorders Bug 14423 XSS bug in auth_subfields_structure Bug 14423 : XSS issues in marc_subfields_structure Bug 14423 : XSS bugs in catalogue search Bug 14423 : Multiple XSS vulnerabilities in serials-search Bug 14423 : Multiple XSS bugs in suggestion.pl Bug 14408 Path Traversal error Chris Cormack (5): Bug 14418 XSS Vulnerabilities Bug 14418 : XSS flaw in opac-shelves.pl Bug 14418 : More XSS vulnerabilities in opac-shelves.pl Bug 14416 Stored XSS vulnerability Bug 14412 : SQL injection possible Jonathan Druart (6): Bug 14416: (follow-up) opac addbybilionumber Bug 14416: Stored XSS vulnerability - add biblio to shelf (intranet) Bug 14408 Path traversal vulnerability Bug 14408: Add tests to get_template_and_user Bug 14408: Add tests to get_template_and_user Bug 14408: Allow integers in template paths Mason James (6): Add release notes for 3.16.12 Bumping DB version for 3.16.12 update notes Revert "Bug 14408: Add tests to get_template_and_user" Revert "Bug 14408 Path traversal vulnerability" Bug 14408 (3.16/3.14) regex fix for .tmpl files too ----------------------------------------------------------------------- hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Fri Jun 26 20:11:03 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Fri, 26 Jun 2015 18:11:03 +0000 Subject: [koha-commits] main Koha release repository branch master updated. v3.20.00-258-g936d452 Message-ID: <E1Z8Y5f-00072t-2V@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, master has been updated via 936d452ffaedb1405d15b503ef2454decb91d77f (commit) via 8e04ea7282d730bfe3f617d0c296a63ede53c547 (commit) from f194bca26891a338761f5a4041b0886f87631e27 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 936d452ffaedb1405d15b503ef2454decb91d77f Author: Tomas Cohen Arazi <tomascohen at unc.edu.ar> Date: Fri Jun 26 15:10:55 2015 -0300 Bug 11882: (QA followup) fix capitalization errors Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> commit 8e04ea7282d730bfe3f617d0c296a63ede53c547 Author: simith <simith at inlibro.com> Date: Thu Feb 26 13:21:21 2015 -0500 Bug 11882: Add a new button to the checkout confirmation dialog when checking out a reserved item This patch adds a "Don't Check Out and Print Slip" button to the dialog that appears when trying to checkout a reserved item. Test case : * Put a hold on an item for User A. * Try to check out it item with User B. * The "Please confirm checkout" box should appear. The "Don't Check Out and Print Slip" button should appear in this box. * Click on the "Don't Check Out and Print Slip" button. * A print popup will appear Signed-off-by: Nick <Nick at quechelibrary.org> Followed test plan, works as expected. Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> ----------------------------------------------------------------------- Summary of changes: circ/circulation.pl | 7 +++++++ .../prog/en/modules/circ/circulation.tt | 21 ++++++++++++++++++++ 2 files changed, 28 insertions(+) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 29 11:28:55 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 29 Jun 2015 09:28:55 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-10-gd8ba662 Message-ID: <E1Z9VN1-0004k9-QT@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via d8ba662479f1f81013500ab8e5d42add394f4889 (commit) from 2adb8681f0c2dd8a5ceccca5c06ed88e10c337a9 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d8ba662479f1f81013500ab8e5d42add394f4889 Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Mon Jun 8 03:18:35 2015 +0200 Bug 11467: Bug Untranslatable srings in opac-detail.tt (IDreamBooks*, OpacBrowseResults) Patch marks several strings in the Javascript on the OPAC detail and result page for translation. 1) IDreamBooks* - Activate the 3 IDreamBooks* system preferences - Check the 'cloud' and additional content shows up correctly on the detail and result pages - Verify everything works as expected and the same as without the patch 2) OpacBrowseResults - Activate OpacBrowseResults - Do various searches - Verify the nex, previous, browse result list features still work the same as without the patch Bonus: Check new strings appear in the .po files by updating one language with the patch applied (perl translate update de-DE) NOTE: Really should have read the test plan more closely. I couldn't find the 'Go to detail:' section, until I clicked 'Browse results'. Signed-off-by: Mark Tompsett <mtompset at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 7ab873aaea298c787e93438012fa8792345664f4) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> Conflicts: koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt ----------------------------------------------------------------------- Summary of changes: koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-detail.tt | 8 ++++---- koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-results.tt | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 29 11:31:46 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 29 Jun 2015 09:31:46 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-11-gbfc381f Message-ID: <E1Z9VPm-0004nf-SF@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via bfc381f1e275275a2c3e38015e29befe1bad65f2 (commit) from d8ba662479f1f81013500ab8e5d42add394f4889 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit bfc381f1e275275a2c3e38015e29befe1bad65f2 Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Mon Jun 8 05:04:56 2015 +0200 Bug 13427: jQuery Timepicker is not translated on returns page The returns page was missing an include with the translated strings. To test: - Install an additional language, like de-DE - Confirm the bug on the returns page - Make sure SpecifyReturnDate is activated - Open the datepicker, look at the time settings - Apply the patch - Reinstall the language, no update of the po files is needed - Retest - Verify, that now the time settings are translated Signed-off-by: Josef Moravec <josef.moravec at gmail.com> Works as expected Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 688452ad7e9131a53a96bd826e6228e73494fa53) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> ----------------------------------------------------------------------- Summary of changes: koha-tmpl/intranet-tmpl/prog/en/modules/circ/returns.tt | 1 + 1 file changed, 1 insertion(+) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 29 11:37:25 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 29 Jun 2015 09:37:25 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-14-gf7dd4d6 Message-ID: <E1Z9VVF-0004pm-2O@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via f7dd4d6aef41de85deebe2fac014c18ab1e0d0b7 (commit) via c8e48b280a46f90f5d8cc004ba1222db5f69e076 (commit) via 114e3cae1a9a4613894492960eb5268c29c1999f (commit) from bfc381f1e275275a2c3e38015e29befe1bad65f2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit f7dd4d6aef41de85deebe2fac014c18ab1e0d0b7 Author: Jonathan Druart <jonathan.druart at biblibre.com> Date: Tue Mar 24 17:01:30 2015 +0100 Bug 4137: Fix the OPACViewOthersSuggestions behavior This pref does not work at all, the interface let the user choose to list all suggestions, but whatever he chooses the suggestion list is the same. This patch cleans a bit the suggestedby management. There are a lot of cases to test, because linked to 2 prefs: AnonSuggestions and OPACViewOthersSuggestions. 1/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 0 - A non logged in user is not able to make a suggestion. - A logged in user is not able to see suggestions made by someone else. 2/ AnonSuggestions = 0 and OPACViewOthersSuggestions = 1 - A non logged in user is not able to make a suggestion. - A logged in user is able to see suggestions made by someone else. 3/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 0 - A non logged in user is able to make a suggestion. The suggestedby field will be filled with the AnonymousPatron pref value. He is not able to see suggestions, even the ones made by AnonymousPatron. - A logged in user is not able to see suggestions made by someone else. 4/ AnonSuggestions = 1 and OPACViewOthersSuggestions = 1 - A non logged in user is able to make a suggestion. He is able to see all suggestions. - A logged in user is able to see suggestions made by someone else. In all cases a logged in user should be able to search for suggestions (except if he is not able to see them). Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> All use cases tested, work as expected No errors Only comment is perhaps (in the future) a gracefull failure when AnonymousPatron is not set, or has '0' value Message is DBIx::Class::ResultSet::create(): Column 'suggestedby' cannot be null at ... Signed-off-by: Katrin Fischer <katrin.fischer.83 at web.de> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit be35039b55a351c97f2c1f9a5b373cb26ac5e0b0) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> commit c8e48b280a46f90f5d8cc004ba1222db5f69e076 Author: Jonathan Druart <jonathan.druart at biblibre.com> Date: Wed Apr 22 12:14:24 2015 +0200 Bug 10866: Hide patron's history if intranetreadinghistory is set to not allow If set to "not allow", the intranetreadinghistory pref prevent staff members to access patron's checkout history. But: 1/ The page is still accessible if you know the url 2/ The history can be consulted on the item history page Test plan: 0/ Don't apply this patch 1/ Set the intranetreadinghistory to allow 2/ Go on a patron's checkout history page 3/ Open a new tab and go on a item's checkout history page 4/ Set the intranetreadinghistory to not allow 5/ Refresh both pages => no change 6/ Apply this patch 7/ Refresh both page. On the first page, you should see a warning On the other one, you should see that the patron column is not displayed anymore. Followed test plan, results were as expected. Signed-off-by: Marc V?ron <veron at veron.ch> http://bugs.koha-community.org/show_bug.cgi?id=10886 Signed-off-by: Katrin Fischer <katrin.fischer at bsz-bw.de> Nice addition! Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit d847b1d92a9df6db2bb5321f032f3ec13d6ba55d) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> commit 114e3cae1a9a4613894492960eb5268c29c1999f Author: Magnus Enger <magnus at libriotech.no> Date: Wed Jun 17 14:36:44 2015 +0200 Bug 14403: Remove warn in Koha::NorwegianPatronDB Line 99 has an unconditional warn, left over from development: warn "$combined_username => $combined_password"; This patch deletes the line i question. To test: No testing needed, just have a look at the diff and see that it makes sense to delete the warn. Signed-off-by: Indranil Das Gupta (L2C2 Technologies) <indradg at gmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit b740b1b412e11b1d540b243e7b1767cc0c1cb962) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> ----------------------------------------------------------------------- Summary of changes: C4/Auth.pm | 1 - Koha/NorwegianPatronDB.pm | 1 - .../prog/en/modules/catalogue/issuehistory.tt | 26 +++++---- .../prog/en/modules/members/readingrec.tt | 4 +- .../opac-tmpl/bootstrap/en/includes/usermenu.inc | 12 ++--- .../bootstrap/en/modules/opac-suggestions.tt | 57 ++++++++++++-------- opac/opac-suggestions.pl | 46 +++++++++++----- 7 files changed, 90 insertions(+), 57 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 29 11:43:24 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 29 Jun 2015 09:43:24 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-15-gc6b3165 Message-ID: <E1Z9Vb2-0004uo-0i@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via c6b3165eb87f4a122b3e1bfb5b4455bd394bc93a (commit) from f7dd4d6aef41de85deebe2fac014c18ab1e0d0b7 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit c6b3165eb87f4a122b3e1bfb5b4455bd394bc93a Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Tue Jun 9 02:32:46 2015 +0200 Bug 14215: Change the 'delimiter' syspref description for its wider use Patch changes 'report files' to 'CSV files' as there are more options now for downloading and creating CSV files where this preference is taken into account. To test: - Verify the changed system preference description for 'delimiter' is correct. Signed-off-by: Marc V?ron <veron at veron.ch> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 2eaeb708795e7624eb8873b617d4a38d69fa84fc) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> ----------------------------------------------------------------------- Summary of changes: koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 29 11:47:35 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 29 Jun 2015 09:47:35 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-16-g556b40c Message-ID: <E1Z9Vf5-0004xP-E2@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 556b40c16d2a5f306b77bc2b4d9558f088733884 (commit) from c6b3165eb87f4a122b3e1bfb5b4455bd394bc93a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 556b40c16d2a5f306b77bc2b4d9558f088733884 Author: Katrin Fischer <Katrin.Fischer.83 at web.de> Date: Wed Jun 10 00:11:19 2015 +0200 Bug 11458: Improve confusing description of syspref 'gist' The description of "gist" was: "Default tax rates are ... (enter in numeric form, 0.12 for 12%. First is the default. If you want more than 1 value, please separate with |) " The doubled use of "default" is confusing here. With the patch it reads: Tax rates are ... Enter in numeric form, 0.12 for 12%. The first item in the list will be selected by default. For more than one value, separate with | (pipe) To test: - Verify that the gist system preference description is correct. The use of "default" is confusing here. Signed-off-by: Aleisha <aleishaamohia at hotmail.com> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 6c94fe52f954f93916993f71c472b068096806da) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> ----------------------------------------------------------------------- Summary of changes: .../prog/en/modules/admin/preferences/acquisitions.pref | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 29 11:56:44 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 29 Jun 2015 09:56:44 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-18-g12d6a16 Message-ID: <E1Z9Vnw-000539-Pt@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 12d6a163a9123c6dc88714a521dc05c8a22d32b6 (commit) via 4ee0cbf5a179b2b103fbfd285ba0c076a140e732 (commit) from 556b40c16d2a5f306b77bc2b4d9558f088733884 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 12d6a163a9123c6dc88714a521dc05c8a22d32b6 Author: Nicole C. Engard <nicole at bywatersolutions.com> Date: Fri Jun 19 11:32:18 2015 -0500 Bug 14424: Tools Help Files for 3.20 This patch updates and adds help files to 3.20+ To test: * Visit batch record modification and note that there is a help file and confirm the text is right * Visit export data, import borrowers, stage marc for import, and log viewer * Confirm updated text is right Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 469275fef5f4cfd7b251cd0a8ba2b53009b10f03) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> commit 4ee0cbf5a179b2b103fbfd285ba0c076a140e732 Author: Nicole C. Engard <nicole at bywatersolutions.com> Date: Fri Jun 19 11:08:56 2015 -0500 Bug 14424: Admin Help Files for 3.20 This patch updates some of the help files for Admin areas in 3.20+ To test: * Visit * Frameworks, add field, add subfield * Column settings * Patron attributes * Circ rules * Confirm help loads up and is right Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit d3983e563ffbce5c3276108c5840394bcb7b8593) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> ----------------------------------------------------------------------- Summary of changes: .../prog/en/modules/help/admin/biblio_framework.tt | 181 +++++++++++++++++++- .../prog/en/modules/help/admin/columns_settings.tt | 8 +- .../modules/help/admin/marc_subfields_structure.tt | 120 ++++++------- .../prog/en/modules/help/admin/marctagstructure.tt | 15 +- .../en/modules/help/admin/patron-attr-types.tt | 1 + .../prog/en/modules/help/admin/smart-rules.tt | 12 +- .../help/tools/batch_record_modification.tt | 30 ++++ .../prog/en/modules/help/tools/export.tt | 2 +- .../prog/en/modules/help/tools/import_borrowers.tt | 14 +- .../en/modules/help/tools/stage-marc-import.tt | 36 ++-- .../prog/en/modules/help/tools/viewlog.tt | 2 - 11 files changed, 310 insertions(+), 111 deletions(-) create mode 100644 koha-tmpl/intranet-tmpl/prog/en/modules/help/tools/batch_record_modification.tt hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Mon Jun 29 11:57:55 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 29 Jun 2015 09:57:55 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-19-ge034cb2 Message-ID: <E1Z9Vp5-00055E-0M@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via e034cb22b73034e1c0f675d577704c5eb7935259 (commit) from 12d6a163a9123c6dc88714a521dc05c8a22d32b6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit e034cb22b73034e1c0f675d577704c5eb7935259 Author: Mark Tompsett <mtompset at hotmail.com> Date: Fri Jun 19 11:24:57 2015 -0400 Bug 14425: Typo in C4::Context IsSuperLibrarian perldoc TEST PLAN --------- 1) git checkout -b bug_14425 origin/master 2) perldoc C4::Context /IsSuperlibr -- see it is bad. 3) apply patch 4) perldoc C4::Context /IsSuperLibr -- see it is fixed. 5) koha qa test tools. Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Fix typo, no errors. Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> % git grep -i IsSuperLibrarian|wc -l 55 % git grep IsSuperLibrarian|wc -l 55 Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 2b255be22c919b11d690f4dcf8a5e84e93290878) Signed-off-by: Chris Cormack <chris at bigballofwax.co.nz> ----------------------------------------------------------------------- Summary of changes: C4/Context.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) hooks/post-receive -- main Koha release repository From gitmaster at git.koha-community.org Tue Jun 30 01:26:55 2015 From: gitmaster at git.koha-community.org (Git repo owner) Date: Mon, 29 Jun 2015 23:26:55 +0000 Subject: [koha-commits] main Koha release repository branch 3.20.x updated. v3.20.01-20-g75b5f80 Message-ID: <E1Z9iRz-0003U1-Ah@git.koha-community.org> This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "main Koha release repository". The branch, 3.20.x has been updated via 75b5f804155ccb1af4e0b185e4742e414c61f2d9 (commit) from e034cb22b73034e1c0f675d577704c5eb7935259 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 75b5f804155ccb1af4e0b185e4742e414c61f2d9 Author: Eivin Giske Skaaren <eskaaren at yahoo.no> Date: Fri Jun 19 13:08:29 2015 +0200 Bug 14421: Corrected example in SMS.pm to working version with hashref. Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel at gmail.com> Test: 1) Apply patch 2) perldoc C4/SMS.pm 3) Check fixed argument in example Argument is hashref, POD is now right Added additional space on second arg No errors Signed-off-by: Jonathan Druart <jonathan.druart at koha-community.org> Signed-off-by: Tomas Cohen Arazi <tomascohen at unc.edu.ar> (cherry picked from commit 0cb82c8d02cc4b672b169c8b0261c4bb6360cd00) Signed-off-by: Chris Cormack <chrisc at catalyst.net.nz> ----------------------------------------------------------------------- Summary of changes: C4/SMS.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- main Koha release repository