Add release notes for the 16.11.03 security release

Bug 17902: Follow-up fixing SQL statement

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 40cb8e3b7579987d0d461e8da6e350228722727c)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17902: Fix possible SQL injection in serials editing

/cgi-bin/koha/serials/serials-edit.pl?serstatus=*/+,2,3,'2016-12-12','2016-12-12',6,'jjj7','jjj8'%20--%20-&subscriptionid=1+and+1%3d2+Union+all+select+111+/*

The SQL query is not constructed correctly, placeholders must be used.
Subscription id and status list can be provided by the user.

This vulnerability has been reported by MDSec.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f42dbd67d1b960906fd2b98560e7e3724452bce9)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Increment version for 16.11.03 security release

Bug 9569: Security patch for AutoLocation

If a patron is not allowed to access the staff interface because its IP
address in the authorised range of IPs, the cookie should not contain
the CGISESSID.
If it is, the patron is logged in and will be able to access the staff
interface if he reload the page (or hit another one).

Test plan:
Confirm the that AutoLocation feature is now working as expected.

Note: It seems that this feature has never really worked as intended.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 93cc0956a923e94663ae74d1f435604844536571)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 9569: Update warning message

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7afddcb157a8d8e27cfdee3cdbeb0eae483aa24c)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 9569: Do not check the IP for login at the OPAC

At the OPAC, the AutoLocation feature should not be taken into account:
login to the OPAC from outside the IP range should work

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit af0af36bb9a520c31c31067b9b68fd565eef0e63)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 9569: Remove unused occurrence of AutoLocation

`git grep ManualLocation` does not return any results

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 936b23e17a4b7d76d94be276ed1ceb9be8872299)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 9569: AutoLocation should not depend on IndependentBranches

Those 2 prefs can be independent and it does not make sense to consider
AutoLocation only if IndependentBranches is set.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit acabdc87c9a883e36def78dcff6fccb4980d35ab)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 9569: Fix AutoLocation - handle .* for subnets

The example in branches.tt is:
  Can be entered as a single IP, or a subnet such as 192.168.1.*

But actually the regex in C4::Auth does not handle subnets.

Test plan:
0/ Apply all the patches
1/ Switch AutoLocation on
2/ Define a subnet (192.168.0.* if your ip is like 192.168.0.X) in the IP
range of your library
3/ Log in on the staff interface
=> Should work

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a8fdac38d8a1cf9e996195c5b04702d1d2eaa106)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17905: FIX CSRF in member-flags

If an attacker can get an authenticated Koha user to visit their page
with the url below, privilege escalation is possible

The exploit can be simulated triggering
    /cgi-bin/koha/members/member-flags.pl?member=42&newflags=1&flag=superlibrarian

Test plan:
Trigger the url above
=> Without this patch, 42 is now superlibrarian
=> With this patch, you will get the "Wrong CSRF token" error.

This vulnerability has been reported by MDSec.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0c3c162f767f5587f5fad7375151f8efca3689b3)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17904: Fix possible SQL injection in late orders

To recreate:
/cgi-bin/koha/acqui/lateorders.plop=send_alert&ordernumber=1)and%20(select*from(select(sleep(20)))a)--%20&letter_code=0

Notice the delay.

The SQL query is not constructed correctly, placeholders must be used.

This vulnerability has been reported by MDSec.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b0bb1b0aa60071950a39b1c1b9e9ec145b304086)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17903: Fix possible SQL injection in serial claims

To recreate:
/cgi-bin/koha/serials/claims.pl?serialid=1)and%20(select*from(select(sleep(20)))a)--%20&letter_code=0

Notice the delay.

The SQL query is not constructed correctly, placeholders must be used.

This vulnerability has been reported by MDSec.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 179ff58b0980f348821c727c2fa79a5eca310901)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17901: Force context to scalar

See bug 15809 for more references.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit cb4fa17a2712d04590d218635913bfe794510615)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17901: Fix possible SQL injection in shelf editing

It has been reported that
/cgi-bin/koha/opac-shelves.pl?op=edit&referer=view&shelfnumber=146&owner=4&shelfname=testX&sortfield=titleaaaaaa\`&category=1

Could lead to SQL injection
Actually it explodes because the generated SQL query is not correctly formated.

However it would be good to limit the possible values for sortfield.

This vulnerability has been reported by MDSec.

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 45cffd874c62c7b090390c5fb3c955c31f524608)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17900: Update the tests to the new API

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 42460b871472d2a408bc38a747fd375062af4d7e)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17900: Fix possible SQL injection in patron cards template editing

To recreate:
/cgi-bin/koha/patroncards/edit-template.pl?op=edit&element_id=23%20and%201%3d2+union+all+select+1,user(),@@version+--%20

Look at the Profile dropdown list.

To fix this problem and to make sure it does not appears anywhere else
in the label and patroncards modules, I have refactored the way the
queries are built in C4::Creators::Lib
Now all of the subroutine takes a hashref in parameters with a 'fields'
and 'filters' parameters.
From these 2 parameters the new internal subroutine _build_query will
build the query and use placeholders.

Test plan:
1/ Make sure you do not recreate the vulnerability with this patch
applied.
2/ With decent data in the labels and patroncards modules, compare all
the different view (undef the New and Manage button groups) with and
without this patch applied.
=> You should not see any differences.

This vulnerability has been reported by MDSec.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a70980d8255a66c33539926796c06b29b26fbb40)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17986: Perl dependency evaluation incorrect

It looks like I made a copy/paste error in a previous patch.

While the fix was working when you pass the param "module" to
version_info, it wasn't populating the version correctly
for the "all" param, which causes koha_perl_deps.pl to
think all OK modules actually need an upgrade.

TEST PLAN

0) Be on a system where you know your Koha Perl dependencies are
mostly up-to-date

1) Run ./koha_perl_deps.pl -a -c
2) Note that most modules say they need an upgrade even when
the installed version is the same as the minimum version

3) Apply patch

4) Run ./koha_perl_deps.pl -a -c
5) Note that most moduls say they're OK, especially when the
installed version is the same or greater than the minimum version

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Running koha_perl_deps.pl -u convinced me.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4ff78a9a0da486d7f267d1e252f3628ec1a5f149)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Add release notes for the 16.11.02 release

Fix broken ar-Arab staff po file

Set one string fuzzy in the file and on pootle.

misc/translator/po/ar-Arab-staff-prog.po:8944: 'msgstr' is not a valid C format string, unlike 'msgid'.
Reason: The character that terminates the directive number 18 is not a valid conversion specifier.

Increment version for 16.11.02 release

Translation updates for Koha 16.11.02

(cherry picked from commit dfc3e1db682b9fbb7c3046f6432f1b74a3fca29b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17899 - Show only mine does not work in newordersuggestion.pl

Bug 12775 added a link "Show only mine" in newordersuggestion.pl.
This does not work, no results.

Also corrects the fact that click must not do default action by adding e.preventDefault().

Test plan :
- You must have suggestions you have accepted
- Create a new order from suggestion : /cgi-bin/koha/acqui/newordersuggestion.pl
- Click on Show only mine
=> Without patch the table is empty showing "No matching records found"
=> With patch you see only suggestions you have accpeted

Signed-off-by: Zoe Schoeler <crazy.mental.onion@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1104e61635e2d567c89587c28fd9a24b4f262037)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17920: t/db_dependent/Sitemapper.t fails because of permissions

The directory it attempts to create an xml file may not be writable for
the user running the test. By changing the directory from the current
directory to a temporary one, the test runs. After all 'chmod 777
t/db_dependent' is a bad idea.

TEST PLAN
---------
1) sudo koha-shell "prove t/db_dependent/Sitemapper.t" kohadev
   -- fails
2) apply patch
3) sudo koha-shell "prove t/db_dependent/Sitemapper.t" kohadev
   -- succeeds
4) run koha qa test tools

Tested without qa tools
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 7401d9422be26c5ff900269a10e70c9ca4364de6)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17808: Fix behavior when editing a circ rule

The original behavior is broken, see https://stackoverflow.com/questions/21410484/jquery-selector-to-find-out-count-of-non-empty-inputs

Test plan:
Edit a circ rule
=> Without this patch you get a useless message
=> With this patch, no message
Edit a circ rule with content in inputs
=> With or without this patch you get a useful message

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5a9ffa92cecf69ec44450da9676cfbdb0f7d9fa1)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17909: QA followup: remove unused var and move global var

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e3a12e517a9039fa93b8b57e0adedbad5f0e9153)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17909: [Follow-up] Quick fix for UNIMARC

UNIMARC inserts field 100. This interferes the field count and order
in the test.
Note: This is a quick fix. Will polish it after bug 17913.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 9510b023300cfdd3a560d06b0bdb5944d43d3d5c)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17909: Followup - fix typos

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

EDIT:

Adjusted three small typos that did not disturb the test in its current
form, but do when we are fixing bugs on bug 17913.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b5a95937e695dec4a7ecbff6f65d795af9ee029b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17909: Additional polishing

No spectacular things:

[1] Move the framework modifications to a sub. Use same style to create auth types and linked fields.
[2] Change some new Object occurrences to Object->new.
[3] Add tests for field count and field order in the first two subsets.
[4] Few whitespace changes (sorry) and comment lines.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4457d2e64c30f95fc79e306023e271ee7274b740)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17909: Add tests for merging with another authtype

Originally aimed for bug 9988. Adjusted in line with other subtests.
Will polish the three subtests a little more on a follow-up.

Test plan:
Run t/db_dependent/Authorities/Merge.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a7c2fc75054e81ca8909e05b6c2cfd6b9ba7293b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17909: Adding tests from bug 11315

Based on original patch from Maxime Beaulieu on bug 11315.
Amended by Marcel de Rooy on report 17909.

EDIT:

Original tests have been adjusted in view of:
[1] Test on bug 11315 heavily leaned on DBD::Mock. Since we are
    using Test::DBIx::Class on such tests now, this would need attention.
    Moreover, the advantage of mocking the database in this case is at
    least arguable.
[2] Matching the first (somewhat older) subtest of 11700.
[3] Simplification and readability.
    Look e.g. at the use of $MARCto and $MARCfrom on 11315.

This made me merge them in the db_dependent counterpart.

Also note that this subtest adds another needed test case: the merge from
auth1 to modified auth1, while 11700 tested auth1 to auth2.

Test plan:
Just run t/db_dependent/Authorities/Merge.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b89be0d72fb24752bf5a2d939b15f90e6f23017d)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17909: Add unit tests for C4::AuthoritiesMarc::merge

Original patch from Julian Maurice on bug 11700.
With sign offs by:
Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Amended by Marcel de Rooy on report 17909.

EDIT (January 2017):
Removed some tests not related to merge.
Put remaining tests in a subtest, made them working on current merge.
Slightly revised the mocking.

Note: I plan to move the zebra retrieval stuff outside merge in one of
the next stages, and replace it by calling Koha::SearchEngine. This will
reduce mocking complexity here.

Test plan:
Just run t/db_dependent/Authorities/Merge.t

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d4de65c21f4671b3fbbaf6d00904fe1753a8ae9a)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17880 - Use version.pm to parse version numbers in C4::Installer::PerlModules

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b732963e2f91a54894f12cd5fd964c21e1c6f533)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17880 - Add test to check version number comparison

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2321ae0d796fa6b13cde8f321b6c697cc48a5437)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17917: [AMENDED] Fix path issue in t/db_dependent/check_sysprefs.t

EDIT (from Marcel):

Previous patch fixes issue caused by Search.t.
This patch still adds some small changes to check_sysprefs.t.

Signed-off-by: Grace McKenzie <grace.mcky@gmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 743dbe3e6423f51ae93477ef58a9d696661bf2cd)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17917: [QA Follow-up] Reprove Search.t

The config tweaks from Search.t break check_sysprefs.t later on.
Clearing the cache resolves that.

Test plan:
[1] Run prove t/db_dependent/Search.t t/db_dependent/check_sysprefs.t (in
    one statement) before and after applying this patch.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
A prove t/db_dependent did not fail check_sysprefs.t (only skipping two
tests: 00-strict.t and Koha/IssuingRules.t; not enough patience)

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b5c2b6510761dad352c814d801cda47aa6161ae8)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17615 - Fix unit tests

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6d2ce70a479367530ef7973251e799e7be6f44db)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17615 - Fix updating borrower attributes in checkpw_ldap

Signed-off-by: Oliver Bock <oliver.bock@aei.mpg.de>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e331a9c0d061f586f50db7ac27390417c74aec48)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 7143: [QA Follow-up] Handling tabs

Editing spaces before releases and developer:
876,$s/  \+releases$/^Ireleases/ (20 substitutions)
876,$s/  \+developer$/^Ideveloper/ (7 substitutions on 7 lines)

Editing spaces between date and text:
876,$s/2016  \+/2016^I/
876,$s/2017  \+/2017^I/
Fixed a few single spaces too.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Display on Timeline tab looks good now.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d379be5de02b60b55408b42394c2ff1dae0113c5)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 7143: [QA Follow-up] Correcting dates for first patch pushed

The date first patch pushed is not the date the patch was written. The
Bugzilla reports tell us when the patch got actually pushed.
Adjusting the developer numbers accordingly.
Authors radiuscz and Radek Siman are actually the same person.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d7e01a8c33b480a9faef027397d04fde0d8e37e2)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 7143: Update about.tt with new devs

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a9f883456bee020737e38004de3386d3f617c866)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 7143: Update history file

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5d333a80925473d3b9943f7de37cd8eb224263c8)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17469: Fix number of values

Will fix
  ERROR 1136 (21S01) at line 57: Column count doesn't match value count at row 2

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2ce4b1635d24179fb3d5b11459045d86b9cf977e)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17469: Follow-up adding hold print notice

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c7dc340d639bf53abc204c96d3ffc8154db16069)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17469: Add missing sample notices to fr-CA web installer

Adds missing notices to the fr-CA web installer:
- MEMBERSHIP_EXPIRY
- PASSWORD_RESET
Renames RESERVESLIP to HOLD_SLIP

TEST PLAN
---------
1) Apply the first patch
2) prove xt/sample_notices.t
   -- it should fail for fr-CA.
3) Apply the second patch
4) prove xt/sample_notices.t
   -- it should pass.
5) run all tests (prove t; prove xt)
   -- they should generally pass
6) run koha qa test tools

NOTE: Split test patch from fix patch, so could prove problem
      exists easily.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Caitlin Goodger <caitlingoodger.student@wegc.school.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b37b22a4fd7aa3f4a59a1c541aae2fcd5b9cbd1f)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17469: Add missing sample notices fr-CA test

Add fr-CA installer to xt/sample_letter.t

To test:
- Verify xt/sample_letter.t test checks fr-CA now and
  fails for just fr-CA.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Caitlin Goodger <caitlingoodger.student@wegc.school.nz>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 3c09fefb1dd3c8728404ef641f95885e61a674f4)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 15460 Adding spaces after subfields c and h of 245

Test Plan
1: Add something inside c and h of 245 on a Bibliographic Record. There won't be a space between
the c and h
2: This will occur on both the search results and the details pages of
the record in both the intranet and opac.
3: Apply the patch
4: Refresh and see that there is now a space between c and h.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8fcfdf6853267d81f644e8f32f647dc192f5ab86)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17931: Remove unused vars from reserves_stats

Change to Modern::Perl.
Remove null_to_zzempty and add a few blank lines between subs.
Remove unused vars: $podsp, $type, $daysel, $monthsel and $mime.
Removing trailing 1;

Test plan:
Run a few reports from reports/reserves_stats.pl

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Emma Smith <emma.nakamura.smith@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Wrongly pasted from reports/issues_stats.pl initially

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 639489f48f5285ec7990a01b8e991719edf45af4)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17891: Remove extra div tag in the housebound module

This fixes the menu layout issue.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 36a637974b6f17b083d3b19616c3b8cf5fa7e4c9)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17924 - Fix error in password recovery

To test:

- Set OpacResetPassword = allowed
- Make sure you have a user with a username and email
- Go to the OPAC and make sure you are not logged in
- Click on the "Forgot your password?" link
- Fill in "Login" and "Email" and click on "Submit"
- You will get an error that says:

Undefined subroutine &C4::Letters::GetPreparedLetter called at
/home/vagrant/kohaclone/Koha/Patron/Password/Recovery.pm line 142.

- Apply the patch
- The steps above will have added your user to the borrower_password_recovery
  table in the database. Delete it from there to make sure you start a
  fresh reset request.
- Repeat the steps above and notice that the error is gone. You should
  get a nice message instead that says "An email has been sent to [your
  email]".
- Sign off

Signed-off-by: Zoe Schoeler <crazy.mental.onion@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b43b79156f179094ed16a896f0bf0b3d39b4af7d)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17777: koha-remove should deal with temporary uploads

If the temporary upload folder exists, it should be discarded when
removing an instance. If we do not, it may/will create problems when
recreating the same instance.

A function in koha-functions.sh is added to determine the temp directory
instead of hardcoding /tmp.

Test plan:
[1] Copy koha-functions.sh to /usr/share/koha/bin
[2] Run koha-create --create-db newinstancexx
[3] Run mkdir /tmp/koha_newinstancexx_upload (if /tmp is your temp!)
[4] Run debian/scripts/koha-remove newinstancexx
    Do not run the regular one, but verify that you use the updated one.
[5] Check that /tmp/koha_newinstancexx_upload is gone.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Karen Jen <karenliang.student@wegc.school.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2c40579077b67d4203665b7e6ecdb749235456a4)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17914: Do not try and add the updated_on columns to the borrowers and deletedborrowers table

Bug 10459 has been backported and the DB entry (add borrowers.updated_on and
deletedborrower.updated_on) is now played in
  - 16.06.00.027
  - 16.05.00.002
  - 3.22.08.001

This will raise a MySQL warning if the column already exists.
  DBD::mysql::db do failed: Duplicate column name 'updated_on'

Since bug 17234 we have now a subroutine (C4::Installer::column_exists) to test
if a column exists.
When a DB entry modifying the DB structure is backported, it HAS TO check if the
column, constraint or table exists before executing the query.

Test plan:
git checkout 3.22.x (16.05.x or 16.11.x)
install Koha
git checkout master
execute the installer
=> Without this patch you will get a warning when adding borrowers.updated_on)
=> With this patch, you should not get it

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2b303129b82a5134f04c24907c05bf863603fef7)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17799: MARC bibliographic frameworks breadcrumbs broken for Default framework

To test:
1) Go to Admin -> MARC frameworks -> Default framework actions -> MARC
structure
2) Click New tag
3) Notice the breadcrumbs say '()' instead of 'Default MARC framework'
or something more appropriate
4) Apply patch and refresh page
5) Confirm breadcrumbs are now filled correctly
6) Go back to tag structure and try deleting a tag (Actions -> Delete)
7) Confirm breadcrubs are filled correctly

Sponsored-by: Catalyst IT

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fdc15cb7623ed2ed8cd2d0b3fcfbd96d90f59041)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17879: Use image filename if no image name is entered

This patch changes the code to use the filename of the uploaded image if
no specific image name is entered.

To test:
1) Go to Tools -> Patron card creator -> Manage images
2) Upload an image and leave the image name field empty
3) Notice this works and 'Name' is left empty.
4) Apply patch and refresh page
5) Upload an image and leave the image name field empty
6) Notice the image name is given the filename so that 'Name' is no
longer empty.

Sponsored-by: Catalyst IT
Signed-off-by: Claire Gravely <claire_gravely@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d3752c85dc2f5af974ec2fe4585efa8510302968)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17794: Menu items in Tools menu and Admin menu not showing bold when active but not on linked page

To reproduce:
admin-menu
1) Go to a page like admin/categories.pl
2) Click New Category
3) Notice Patron categories in the sidebar menu is no longer bold
tools-menu
4) Go to a page like reviews/reviewswaiting.pl
5) Notice bold Comments in sidebar menu
6) Click Approved Comments tab
7) Notice no longer bold in sidebar menu
To test:
8) Apply patch and refresh page
9) Follow above steps to reproduce bug, confirm that active links are
always bold
10) Test with other links to confirm nothing has broken
Special cases
11) Go To admin -> MARC bibliographic frameworks -> Actions for any
framework -> MARC structure
12) Confirm sidebar menu link is still bold
13) Go to admin -> Authority types -> Actions for any auth type -> MARC
structure
14) Confirm sidebar menu link is still bold
15) Click Actions for any tag -> Subfields
16) Confirm sidebar menu link is still bold
17) Go to admin -> OAI sets config -> Actions for any set -> Define
mappings
18) Confirm sidebar menu link is still bold

Sponsored-by: Catalyst IT
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit bee87e4f61d6f515bee20ab1792b4ca76605c0e9)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17778: Simplify fetch date

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c69e6faa983fa87412927f6f0a640d5eb07d0f93)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17778 - Make "Earliest Registered Date" in OAI dynamic

This was hardcoded to 0001-01-01.

To test:
- Make sure you have a couple of records, with different timestamps
- Enable OAI-PMH
- Check http://localhost:2201/cgi-bin/koha/oai.pl?verb=Identify
  and verify that "Earliest Registered Date" is 0001-01-01
- Apply the patch
- Re-check the "Earliest Registered Date" and verify that it is now
  the lowest timestamp in your biblio table
- Manipulate the timestamps and verify that "Earliest Registered Date"
  changes accordingly
- Sign off!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ff711c48cfa02c7b6ab09fe22f699a872420db8d)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17265 - Make koha-create-defaults less greedy

koha-create-defaults substitutes the instance name with the placeholder
__KOHASITE__ in the SQL file that it creates. If the instance name is
something common, like "data", this means that way too many substitutions
will be made, and when koha-create uses the SQL file as a template, broken
data can be the result.

The solution in this patch was suggested by drojf on IRC.

To test:
- Create an instance called "data"
- Run "sudo koha-dump-defaults data > test.sql"
- Take a look at test.sql and verify there are way too many occurences
  of __KOHASITE__, like "-- Dumping __KOHASITE__ for table `accountlines`"
- Apply the patch
- Copy the resulting koha-create and koha-dump-defaults to somewhere
  running off the packages
- Run "sudo koha-dump-defaults data > test.sql" again and verify there
  are only 4 occurrences of __KOHASITE__, in places that make sense
- Create an instance with something like:
  $ gzip test.sql
  $ sudo koha-create --create-db --defaultsql test.sql.gz test17265
- Verify that you have a working Koha install

Signed-off-by: Andreas Roussos <arouss1980@gmail.com>
Works as expected.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ae8223e333201d264b19bf6ed9e91c10c94349ad)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17766 - Patron notification does not work with multi item holds

This patch fixes notification when same biblio has multiple reserves with same borrower,
introduced in Bug 14695. C4::Reserves::ModReserveAffect uses internal method
_koha_notify_reserve but sends itemnumber and biblionumber instead of record_id.

To test:
Prerequisites:
- One biblio with two items attached
- A patron with hold_filled notification activated
- A letter for HOLD with <<reserves.reserve_id>> in it
1) Place two reservations on same biblio
2) checkin item x on pickup branch, observe patron message generated
3) checkin item y on pickup branch, observe patron message generated
4) note that reserve_id is the same on both messages, which is wrong
5) apply this patch and repeat 1-3
6) now observe notifications have correct (different) reserve_id

Signed-off-by: Hugo Agud <hagud@orex.es>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5a08969a71dc27562a1a22af809673a8727f5c82)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17725: Same for textarea when cloning a field

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 87bbe7e18b19b774fe80d0a9c3e0a9bb494a861d)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17725: Do not copy subfield's content when cloning

To replicate:
- Open an existing record in your catalog
- Create another field or subfield of a field/subfield already used using the icon to repeat it
- Verify that the content is copied over
- Verify this happens for input (one line) and textare (multiple lines)

I can't make this happen for when creating a new record, but more consistently on editing existing records.

This is rather annoying when cataloguing in Koha, as the cataloguer has to empty the field first and that adds an extra step for each repeated field.

Test plan:
Confirm than the content is not copied when you clone a field or a subfield.

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e12b080a4cc1131fd55810e1c18d0217e0ef765a)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17817: (Follow up) Fix reordering subfields issues

Authority controlled subfields have invisible divs which produced
a strange behavior when reordering (multiple clicks were needed
to push a subfield up over an authority controlled subfield)

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c7a02725808ba029a28a178ff2ffe9045a9842b0)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17817: Fix cloning subfields using select2

Based on Jonathan's patch (the DO NOT PUSH one), I put together this fix.
What was changed is that select2 is reinitialized only after the cloned element
has been appended to the DOM (so that select2 can correctly calculate the field's
width). Also, I changed the selectors that searched for the line divs (for reordering)
and for the subfield's input element (for erasing the field's value) to be more specific,
since select2 introduced divs that broke some assumptions about the expected HTML structure

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
I confirm that these 2 patches fix the add item and mod biblio views as
well as the batch item modification tools.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit cc26863d355fb9524ed90aba7c03c53115641900)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17234: Need to separate KEY and FOREIGN KEY checks

In the previous patch we use the constraint_exists subroutine to verify
if an index or a foreign key exists.
But the `SHOW INDEX` query does not return foreign keys (as its name
suggests!).
We need another subroutine foreign_key_exists to check the FK existence.

I have found that because t/db_dependent/TestBuilder.t fails on
oai_sets_biblios, because oai_sets_biblios_ibfk_1 has not been removed.

Test plan:
0/ Do not apply this patch
1/ Use a 3.20 DB
2/ update the DB
3/ SHOW CREATE TABLE oai_sets_biblios
will display oai_sets_biblios_ibfk_1

Apply the patch and repeat 1, 2, 3
=> Will not display oai_sets_biblios_ibfk_1
It has been removed as expected.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 05fdd855c8da85d3be27d42721f6a544b0145e57)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17234: Test the column and constraint non-existence

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 435b7badc22d9c05cb16623d6f423206992ec476)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17234: Two new functions lack tests

This adds two tests to t/db_dependent/Installer.t

TEST PLAN
---------
1) Apply patch
2) prove -v t/db_dependent/Installer.t
   -- column and constraint tests were added.
3) run koha qa test tools

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8938631f38bb22456424219d3c3453493df6f848)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17234: Move new subroutines to C4::Installer

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0b15c5e2cc5d5a84b062c5c5738fe54ab5df98ab)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17234: Add constraint_exists and column_exists to updatedatabase.pl

These 2 subroutines will help us deal with the absense of ALTER IGNORE
TABLE

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c08922180e83b0222dc3d54a292aaf49cc15000a)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17234: Follow up to handle new problems

Bug 16276 added two more ALTER IGNORES. This removes them.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4ea484677e7049ddb835fcc6d6f24a801f2eb6ba)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17234 - updatedatabase.pl's ALTER IGNORE break with mysql 5.7.4+

The doc says: "As of MySQL 5.7.4, the IGNORE clause for ALTER TABLE is removed and its use produces an error."
This fix replaces ALTER IGNORE with ALTER in updatedatabase.pl

To TEST, try an upgrade from 3.18 to 3.22 after installing the latest mysql (at least 5.7.4, by the doc).
Some will fail with error

DBD::mysql::db do failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IGNORE TABLE aqbasket
            ADD KEY authorisedby (authorisedby)' at line 1 [for Statement "
        ALTER IGNORE TABLE aqbasket
            ADD KEY authorisedby (authorisedby)
    "] at ./installer/data/mysql/updatedatabase.pl line 10563.

0) Find a database on 3.18, save it.
1) Set your code base to 3.22(or master)
2) run updatedatabase.pl
3) See the errors.
4) Apply the patch
5) Reload the 3.18 database
6) succeed with updatedatabase.pl

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit acf425bbbcb8c22f3655472f90285869c3ad7164)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 14610 [QA Followup] - Minify opac.css

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 6b0562eee87e80532d6abb423177c76062be84cc)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17830: CSRF - Handle unicode characters in userid

If the userid of the logged in user contains unicode characters, the token
will not be generated correctly and Koha will crash with:
  Wide character in subroutine entry at /usr/share/perl5/Digest/HMAC.pm line 63.

Test plan:
- Edit a superlibrarian user and set his/her userid to '❤' or any other strings
with unicode characters.
- Login using this patron
- Search for patrons and click on a result.

=> Without this patch, you will get a software error (with "Wide
character in subroutine entry" in the logs).
=> With this patch, everything will go fine

You can also test the other files modified by this patch.

Signed-off-by: Karam Qubsi <karamqubsi@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 4e40339db3209c913c79b935067e139b470255cc)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17820: use ->find instead of search->next

From C4::Auth:
  my $patron = Koha::Patrons->search({ userid => $userid })->next;

This should be replaced with
  my $patron = Koha::Patrons->find({ userid => $userid });

userid is a unique key

Caught with NYTProf:
 # spent 78.9ms making 1 call to Koha::Objects::next

Test plan:
Login at the intranet
Reload the page
=> You must still be logged in

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested by enabling TrackLastPatronActivity and logging in again.
Verified lastseen column in borrowers.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit af171f9b21da8fa1c22754caa541e826ffeee529)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 15711: Follow up batch_id not used

Changed batch_id to image_id in the template, as the multiparam
would catch the array case.

TEST PLAN
---------
1) attempt to delete a selected item, but get a warning.
2) apply this follow up
3) attempt to delete a selected item, it deletes.
4) run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2ee5cd27129d487fee26987118a8675033139c53)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 15711: Fixing the 'Delete selected' button on patroncard images

To test:
1) Go to Tools -> Patron Card Creator -> Manage images
2) Upload an image if you haven't already
3) Click Delete selected without selecting any images
4) Notice broken behaviour as described in Description
5) Apply patch, refresh page
6) Click Delete selected without selecting any images
7) Notice alert. Click OK
8) Select one image or more, click Delete selected
9) Notice confirm delete message.

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit bd3879e037727cdc2cc851aa910c68bd257ee6f4)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17785: Fix OAI-PMH's XSLT-generated URLs under Plack

Look at e.g. the URL for Show More at the end of the output of Records or
Identifiers. If you use Plack, you will see that it refers to
yourserver:/opac/oai.pl, which is not correct.

This is caused by using CGI's self_url in combination with script alias,
mounting point, etc. Note that we cannot solve this problem in the code of
Koha only. Since HTTP::OAI modules also call self_url, we still end up
with some wrong url's.

Instead of a larger architectural operation on Apache and Plack config files,
this patch adjusts the final xslt transformation on the OAI response.
It hardcodes the correct path only once, in a xslt variable. And replaces
all oai:OAI-PMH/oai:request/text() calls, containing wrong URLs, by this
variable.

Test plan:
Run oai.pl. Try the various verbs.
Verify that the URLs point to /cgi-bin/koha/oai.pl.

Edit: changed commit subject

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Works as expected. Good workaround until a definitive solution is implemented.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1b492938e4eee4d1babe26417cfbf69cede2b844)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17781 - Improper branchcode set during renewal

For no discernable reason, when AddIssue calls AddRenewal, it passes the
branchcode generated from _GetCircControlBranch. Assume
_GetCircControlBranch is set to return items.homebranch. So:
1) If an item owned by LibraryA is checked out at LibraryB, the
  statistic line branchcode will be LibraryB
2) If an item is renewed via the ajax datatables renewal function, the
  statistic line branchcode will be LibraryB the
3) If an item is renewed via scanning the item into the checkout again,
  statistic line branchcode will be *LibraryA*

This is clearly improper behavior. The renewal is taking place at
LibraryB, so the branchcode passed to AddRenewal should be LibraryB,
the logged in library. This also jives with the documentation for
the subroutine.

Test Plan:
1) Set CircControl to "the library the item is from" aka ( ItemHomeLibrary )
2) Set HomeOrHoldingBranch to 'The library the items is from" ( aka homebranch )
3) Create item with homebranch of LibraryA and holdingbranch of LibraryB
4) Set the logged in library to LibraryB
4) Check the item out to a patron at LibraryB
5) Note the statistics line has a branchcode of LibraryB
6) Check the item out again to trigger a renewal, renew the item
7) Note the statistic line has a branchcode of LibraryA!
8) Apply this patch
9) Repeat step 6
10) Note the statistics line has a branchcode of LibraryB!

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: David Kuhn <kuhn@monterey.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2c67648093b9e7479b1dd1135c80ada2d46aee7c)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17742: Use TestBuilder to create the library and patron category

Moreover we do not need to remove the existing issues and patrons

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 853d355576698d1643080ef37b797e937338a1f8)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17742: Fix t/db_dependent/Patrons.t

Moves the getting of testing date for updated_on just after the storing
the test patron data to make the gap between generating data and now
date as short as possible

Fixes test 7

Use Koha::Database instead of C4::Context->dbh

Test plan
1. prove t/db_dependent/Patrons.t
2. read the diff

NOTE: Only minor improvement could be using test builder to
      generate the category and branch codes, rather than assume
      data exists. However, that is beyond scope of this bug.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5c2618d653f6a8fe4b220f1ca986c8d6c58264e3)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17246: Do no support arrayref to define multiple FK

Currently you can call GetPreparedLetter like:

$prepared_letter = GetPreparedLetter(
    (
        module      => 'test',
        letter_code => 'TEST_HOLD',
        tables      => {
            reserves => [ $fk1, $fk2 ],
        },
    )
);

It assumes that $fk1 is a borrowernumber and $fk2 a biblionumber.
It seems hazardous to do this guess.

I suggest to remove this feature and only allow hashref indeed.

Test plan:
Use different way to generate letters and make sure you do not reach the croak

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ea7bd9c4ada6eb6f03d37e43cce89d1431293761)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 14637: Followup - Fix number of tests due to rebase

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 0747a11b2648a20fcca9d3f5e02a4b3b9270b3f3)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 14637: Fix add patron category under MySQL 5.7

If no dateofbirthrequired or upperagelimit is set on the interface, the
->store method will receive an empty string defined for these values.
For INT field, we must explicitely set these empty value to undef
instead to avoid MySQL 5.7 (and strict mode) to raise:
  DBD::mysql::st execute failed: Incorrect integer value: ' for column
'dateofbirthrequired''

Test plan:
Using MySQL 5.7 (and/or sql_mode=STRICT_TRANS_TABLES)
Create a patron category without specifying upperagelimit or
dateofbirthrequired

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit a28334aeceba9ea8fcfcd301c4c01f473110bbe3)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 14637: Fix add patron category under MySQL 5.7 - tests

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 5ea0b70dad5213292cb678f38a8b93e5118bdf4d)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 15415 [QA Followup] - Make code more readable

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 8e68e41df448e9bde7baf69ebab2646d2138cca4)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 15415: Warn when creating a new print profile

As per Jonathan's comment in Comment 3, I've put that line of code in an
if statement that will only call the get_attr method if we are editing
an existing profile (therefore the profile id will exist).

To test:
1) Go to Tools -> Patron Card Creator -> New printer profile
2) Notice warn
3) Apply patch
4) Refresh page
5) Confirm warn is gone and page still works as expected

Sponsored-by: Catalyst IT

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 47e80e899aca7c79aaeb58350401a1963fbe709d)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 16933 - Update documentation/help file.

Updates help documentation about Alt+W to open renew tab.

To test: Go to circulation help page, open help file and see that new
line mentioning Alt+W.

Signed-off-by: Jesse Maseto <jesse@bywatersolutions.com>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit f15eb9d5f534489585f2819ccbce43e6ddc95511)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 16933 - Alt-Y not working on "Please confirm checkout" dialogs

This patch changes the keyboard shortcut for renew from Alt+y to Alt+w.

To test:
1) Press Alt+y when you get a "Please confirm checkout" dialog.
2) The renew tab is selected instead of confirming the dialog.
3) Apply the patch and refresh your browser to load the change.
4) Repeat step one.
5) Alt+y confirms the checkout, Alt+w selects the renew tab.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer@bsz-bw.de>

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fc676f4130b399b2f69878760e699c6d01fd262a)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Add release notes for the 16.11.01 release

Bug 16914: Remove unused empty_lines.inc file

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 0b915fbd9735d2585944253fc5230fdb7417fb80)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 16914: Rely on TT for newlines

The translation scripts have an historical tendency to chomp newlines
and we introduced an empty_line.inc file to force newlines when building
CSV output out of our templates (in item search and late orders).

This patch makes the mentioned templates use TT ability to force newlines
plus some misuses of the 'minus' sign.

Test plan:
- Apply the patch
- Do an item search that returns more than one result
- Export as CSV
=> SUCCESS: The CSV file is correctly formed.
- Install any translation:
  $ sudo koha-shell kohadev
 k$ cd kohaclone/misc/translator
 k$ perl translate install <chosen language>
- Enable <chosen language> (e.g. es-ES)
- Repeat the item search
- Export as CSV
=> SUCCESS: The CSV file is correctly formed in your chosen language.
- Have more than one late orders (bummer)
- Go to late orders
- Choose them
- Export as CSV (in english)
=> SUCCESS: The CSV file is correctly formed.
- Switch language
- Go to late orders
- Choose them
- Export as CSV (in english)
=> SUCCESS: The CSV file is correctly formed in your chosen language.
- Sign off :-D

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 152ce671eca4b5d74329b518d9d71106f4e60c84)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Increment version for 16.11.01 release

Translation updates for Koha 16.11.01

(cherry picked from commit 6115b6f486a8704586fa907bea7c3b57b0580ab3)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17743: Item search - Fix indexes build on MARC

Searching items by custom search fields does not work because these
fields are not correctly processed in JS.

In case of custom search field, the parent of the option is not the
select but the optgroup element.

Test plan:
Create a custom search field on 245$c for instance
On the items search form, select this field and launch a search
=> Without this patch, the results will not be filtered and you will get
all your items
=> With this patch applied, the results should be correctly filtered

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit c86a9e4d300fe746fe542e38a60148de6501f7a6)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 16951: Replace some more

In order to avoid warnings in the logs, $cgi->param should be forced to
scalar context

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit e16ec2fcdb8bf67c507591386f94b9d024fec596)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 16951: Fix Item search sorting

Caused by
  commit ac5a1bfececb5400a77f0ebad90181f5215d5a85
    Bug 16154: CGI->multi_param - Manual changes

The change was wrong, we wanted to retrieve a scalar (the string), not
an array.
We want to retrieve a string with the different column' names, not an
array of 1 element.

Test plan:
Launch an item search and play with column sort

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 2184fa6ab1a7449857df15894c8de075aac729ec)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17692: Remove 'CGI::param called in list context' warnings

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 00591b2e091b5810b86aa47720501bdaa9695ccf)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17692 - Can't add library EAN under Plack

When adding a library ean under plack, there is an "internal server
error" when running Plack. Tested with Koha 16.11 release.

Test Plan:
1) Apply this patch
2) Enable Plack
3) Add, Edit and Delete a Library EAN

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit ffcac846ad125534c0008291d53f094cfde6cc4b)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17761 - Renewing or returning item via the checkouts table causes lost and damaged statuses to disappear

Due to the fact that the lost and damaged status are contained within the due_due span,
when the item is renewed or returned these statuses disappear.
Some librarians find this disconcerting and it seems that it would be better to keep the visible.

Test Plan:
1) Find a lost item checked out to a patron
2) Renew that lost item via the checkouts table
3) Notice the lost status disappears from that row
4) Apply this patch
5) Refresh the page ( you may want to clear your browser cache as well )
6) Renew the item again
7) The lost status should remain visible!

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Edie Discher <edischer@cityoffargo.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 97eb773c0a4054f0538c8966e207734f6f56bdd5)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17652: opac-account.pl does not include login branchcode

opac-account.pl does not include the login branchcode, whereas the other pages
available to users (opac-user, opac-memberentry, opac-passwd, opac-readingrecord,
opac-suggestions, opac-messaging, opac-shelves, etc.) on login DO provide
the login branchcode. Having the login branchcode available on opac-account.pl
would facilitate customization of the OPAC for individual branches.

To test:
1) Login to the OPAC and open  /cgi-bin/koha/opac-account.pl
2) Inspect the body tag and observe the class attribute does not include
   the login branchcode.
3) Apply the patch.
4) Repeat step 2.
5) Observe that the login branchcode is present.

Signed-off-by: Alex Buckley <alexbuckley@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 1bfcebfb7fa0837428fb577a6fc059886fe37afb)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 17681: Exiisting typos might thow some feees when recieved

Yes, we are fixing these four typos here.

Test plan:
[1] Read the changes.
[2] Run t/Auth_with_shibboleth.t
[3] Run git grep recieved| grep -v -e 'recievedlist' | grep -v -e 'serials-recieve.tt'

Note: serials-recieve.tt is just history. Bonus points for the one who makes
us get rid of that column recievedlist.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>

EDIT:
Rebased. Change in Accounts has been corrected already.
Removed the po file.

Signed-off-by: Jonathan Druart <jonathan.druart@biblibre.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit b5c1a965b165093fb66a5db356da84b4a62bf9a6)
Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>