git.equinoxoli.org Git - koha.git/log

Increment version for 3.22.6 release

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Translation updates for Koha 3.22.6

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Update release notes for 3.22.6 release

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16296 - Fix records displaying in virtualshelves

Test plan:
- Empty OPACXSLTResultsDisplay system preference,
- select a virtual shelf in the dropdown list "Lists" on navigation bar
(Or create one and add records),
- check that records are correctly displayed (title, author, publisher
etc...).

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Display is now correct
No errors

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 8c807b9466b005b2094320d7fabf07e9e91d3607)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16317 - Attempt to share private list results in error

When sharing a private list, the the receiver of the share link will get
the following error when they are logged in and try to click the link:

DBIx::Class::Storage::DBI::_dbh_execute(): Unknown column 'sharedate
desc' in 'order clause' at /home/koha/kohaclone/Koha/Objects.pm line 150

Test Plan:
1) Create a private list
2) Share that list to another account
3) Log in as the other account
4) Click the link in the email you recieved
5) Note the error
6) Apply this patch
7) Click the link again
8) You should see no error and be able to view the list!

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit ce47345c21930074a4ebf79f658d4a43b8944f6c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15757: Make GetLoanLength defaults to 0 instead of 21

GetLoanLength arbitrary defaulted to 21. The expected behavior seems to
be to default on 0 (loan will be dued today).

IMPORTANT NOTE: This patch will introduce a change in the behaviors for
configuration with a 0 in issuelength. Before this patch, the rule with
a issuelength==0 was skipped, now it's used!

Test plan:
1/ Do not define any rule: the due date will be today (before this patch
was +21 days)
2/ Define some rules which does not match the patron category, itemtype
or branchcode: the due date will be today (before this patch was +21
days).
3/ Modify a rule to match the checkout and set issuelength=0: the due
date will be today (before this patch, the rule was skipped)
4/ Modify this rule and set the issuelength to something > 0: the due
date will be adjusted (same behavior as before this patch)

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works ok, checked 1-4
All test pass
No koha-qa errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit 769728015cea465bbb47d27f69077962a8f2429d)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15757: Make issuelength default to null instead of 0

When editing circ rules, if the Loan period "issuelength" is not defined
(empty string), the default value was 0, not it's inserted in the DB as
NULL.

Test plan:
1/ Create or edit a circ rule
2/ Do not fill the Loan period column
3/ Save
=> Without this patch, the value was 0
=> With this patch it's now an empty string (in the DB it's set to NULL)

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Works as described.
No errors

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d46a664ef6b79f6ceee2c00629f5933b4eaedfc3)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15757: Add one test for GetLoanLength

The usual call (3 params) of this subroutine was not tested.

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit d83aff33c603d1ba4d16de53ad926bd93a09629b)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15930: Make patron searches defaulting on 'contain'

The default patron search types has changed from 'contain' to
start_with. Users consider it as a bug.
This patch revert the previous changes to default on 'contain'.

Test plan:
Search for patrons in different places (guarantor, checkout, patron
module, acquisition module, etc.) and confirm that the default is always
'contain'

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit a8491dc156db9d746b0f5ddd6175b66bf1bfa4ab)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16104: Remove warnings "used only once: possible typo"

Since bug 11998, the following warnings are raised:
Name "Tie::Hash::FIELDS" used only once: possible typo at /usr/share/perl/5.22/fields.pm line 135.
Name "Cache::RemovalStrategy::LRU::FIELDS" used only once: possible typo at /usr/share/perl/5.22/fields.pm line 135.
Name "Cache::RemovalStrategy::FIELDS" used only once: possible typo at /usr/share/perl/5.22/fields.pm line 135.

It comes from the Koha::Cache

103 if ( can_load( modules => { 'Cache::Memory' => undef } ) ) {

Test plan:
perl -wc C4/AuthoritiesMarc.pm
should return green

QA note: this may have an impact on performance but I have not found any other workarounds.

NOTE: I applied 15870 to master, got the error (-v 2 -c 5), applied 16104,
rebased it in front, error disappeared (still only -c 5), rebased it at the end,
and signed off 16104.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 6b319a2d487257e8a08bc26af9c6b2e7fa2ece2c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 1750 - Report bor_issues_top erroneous and truncated results.

Signed-off-by: Mason James <mtj@kohaaloha.com>

TEST PLAN
---------
1) Ensure you have some checkouts
2) Home -> Reports
        -> Patrons with the most checkouts
3) Click 'Submit'
   -- you get a list
4) Click a patron name.
5) Note the borrower number.
6) In MySQL run something like:
   > UPDATE borrower SET firstname=NULL WHERE borrowernumber=####
7) Refresh the report page
   -- name goes totally blank
8) apply patch
9) Refresh the report page
   -- only first name is lost
10) run koha qa test tools

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit b859739c2a6dc899176276022782ac3af7a0ad0c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16210: Set X-Frame-Options to SAMEORIGIN in 2 other places

The login page should not be displayed if the page is displayed in a
frame.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 6efa491d1b2f92fa407aa49c7b678f9b642fc83f)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16210: Revert OPAC changes from Bug 15111

This patch reverts the changes made at the OPAC from the following
patches:

Do not include the antiClickjack legacy browser trick for greybox"

Revert "Bug 15111: Do not include the antiClickjack legacy browser trick for greybox"
This reverts commit fc640d2a86f395ad392f84314bce22e8b4dab1fe.

Revert "Bug 15111: Change X-Frame-Options with SAMEORIGIN"
This reverts commit fb167c0e4b897bf9a93b4fd6176b15e2d4dbd4df.

Revert "Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks"
This reverts commit dc03bca76cf5b7cb48d98d1ce245fc65b98be929.

Setting X-Frame-Options to SAMEORIGIN is enough for mordern browsers:
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

The antiClickjack trick should be removed at the OPAC as we want to keep
the OPAC usable even if the user has disabled JS.
That means the OPAC will be vulnerable to XFS if a user is navigating
with a prehistoric browser:
Firefox 3.6.9 September 2010
IE 8    March 2008
Opera 10.5  March 2010
Safari 4  February 2009
Chrome 4.1.…  somewhen 2010

Test plan:
Confirm that there are no regression of bug 15111 with modern browsers

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit d496d03e8aa3079e0d29837b27b31b9a55afd02e)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15111: Do not include the antiClickjack legacy browser trick for greybox

Most of the scripts called via greybox (which uses iframe) don't include
doc-head-close. But some do.
This patch adds a popup parameter for these templates, not to include
the legacy browser trick and avoid the replacement of the location.

Test plan:
1/ Export patroncard and label
2/ translate itemtypes
3/ click on a idref link at the OPAC

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fc640d2a86f395ad392f84314bce22e8b4dab1fe)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15111: Change X-Frame-Options with SAMEORIGIN

There are some places where frames are used, the greybox JS plugin for
instance.

We need either to allow them from Koha or replace this plugin.
The easier for now is to switch the value from DENY with SAMEORIGIN.

Test plan:
- modify a record in a batch (tools/batch_record_modification.pl)
- click on preview marc
=> With only the previous patch you will get a blank page.
=> With this patch apply, it will work as expected.

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit fb167c0e4b897bf9a93b4fd6176b15e2d4dbd4df)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15111 - Koha is vulnerable to Cross-Frame Scripting (XFS) attacks

Web pages that can be embedded in frames are vulnerable to cross-frame
scripting attacks. Cross-frame scripting is a type of phishing attack
that involves instructions to an unsuspecting user to follow a specific
link to update confidential information in an online application.
Because the link leads to a legitimate page from the online application
that is embedded in a frame hosted by the attackers' server, the
attackers can capture all the information that the user enters.

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
(cherry picked from commit dc03bca76cf5b7cb48d98d1ce245fc65b98be929)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16224: Fix t/db_dependent/Reports_Guided.t

This test:

is( scalar @{ get_saved_reports( $report_ids[0] ) }, 1,
"filter takes report id" );

can fail when $report_ids[0] is a substring of some saved_sql fields
from other reports (reports that have a different id than
$report_ids[0]).
We can only be sure that get_saved_reports will return at least 1
report.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 08017f89f150394b6224fafb64fe8d12fc146ff1)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16179: Do not crash if "rate me" is clicked and not rate selected

If JS is disabled and a user clicks on the "Rate me" button, Koha will
crashes with:
DBIx::Class::ResultSet::create(): Column 'rating_value' cannot be null
at /usr/share/koha/lib/C4/Ratings.pm line 208

To avoid that, opac-ratings.pl will check if a rate has been selected.

Test plan:
Disable JS
On a record detail page, click on the "Rate me" button

TESTED PLAN:
1) go to /cgi-bin/koha/opac-ratings.pl?biblionumber=1
   -- kaboom as above.
2) apply patch
3) refresh
   -- either login screen (don't know why)
   -- or if already logged in, detail page.
4) koha qa test tool

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I tested successfully by temporarily removing the modification made by
Bug 16210.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit b679cac96409b7248f8e224e10c73dafa4c82890)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16055: Do not allow basketgroup deletion unless empty

If a basketgroup has basket attached, it should not be deletable.
This patch just removes the Delete button from the interface if it
cannot be deleted.
When editing a basketgroup, the "Delete basket group" button is no
longer displayed.

Test plan:
1/ Create a basketgroup
2/ Attach 1+ baskets to this basketgroup
3/ Confirm you are not able to delete it
4/ Remove the baskets from this basketgroup
5/ Confirm you are able to delete it

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit be33e1b46537d85b3d49abc076348916dd50004b)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15832: Remove empty string from the filters

On each cell, the split will generate a new empty entry.
This patch removes that entry.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 1931ff465317aa2bf8d31c0c817ff0c4d75ea8dc)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15832 - Fix filter and items split-up in pendingreserves.tt

Test plan:

- Go to circ/pendingreserves.pl (Ensure that there are biblios with many
items on different branches),
- Check the libraries filter at the bottom of datatable. There should be
duplicates.
- Apply this patch and return to circ/pendingreserves.pl,
- check that libraries filter should not contain duplicate,
- check that the filter works.

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 82be93af1ccbd3544646a6345ab51183a62d05cb)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Revert "Bug 15682 - Merging records from cataloguing search only allows to merge 2 records"

This reverts commit 584059a9b8947aa531ad21a04e23b5ebac6ab5a1.

Revert "Bug 15682 - Only allow merging of 2 or more records form lsits (for consistency)"

This reverts commit bde65f116cb2f7467e10f771e6368ccdf41fc578.

Bug 15682 - Only allow merging of 2 or more records form lsits (for consistency)

Test as above but on shelves.pl

Signed-off-by: Chris Cormack <chrisc@catalyst.net.z>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 9550e37fc66402500adf8bca7a1c90ee0104cdd0)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15682 - Merging records from cataloguing search only allows to merge 2 records

To test:
1 - Perform a cataloging search
2 - Attempt to merge 0 results - should fail
3 - Attempt to merge 1 resutls - should fail
4 - Attempt to merge 2 results - should succeed
5 - Attempt to merge 3 results - should succeed
6 - Test any other amount of records and if more than 1 it should
succeed

**Note: On shelves.pl you can merge a single record. I think that is
incorrect so made this only work for 2. Will add a followup to fix
shelves.pl

Signed-off-by: Chris Cormack <chrisc@catalyst.net.z>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 8f1e5ad95fd78cbf09028e3d2dfe0b2b77d4dd21)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15113: koha-rebuild-zebra should check USE_INDEXER_DAEMON and skip if enabled

This patch changes the behaviour of the koha-rebuild-zebra script in the following way:

USE_INDEXER_DAEMON=no
- Keeps the current behaviour

USE_INDEXER_DAEMON=yes
- It skips incremental indexing to avoid races.

Caveats:
- A --force option is introduced for useing in a specific situtation that might need it
(i.e. the administrator knows what he's doing).
- If --full is passed, the reindexing is not skipped.

The documentation files and messages are adjusted accordingly.

This patch should help users that want to use the indexing daemon, in which case they wouldn't need
to change their default 5 min cronjob (it will be just skipped). Ultimately, koha-common could have
USE_INDEXER_DAEMON = yes by default, but that's subject for another bug report.

To test:
- Play with the different option switches and USE_INDEXER_DAEMON
- Things work as expected
- Sign off

Regards

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as expected

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Your Full Name <your_email>
(cherry picked from commit 997ad166c6ea53d47e3e15e7720d63da9f3b0a80)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 14816: Fix multiple selection in item search

Send each selected value as a separate parameter. Otherwise DataTables
(or jQuery ?) joins all values with a comma

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

I could not reproduce the bug when selecting multiple home libraries,
but I could by selecting multiple item types or collection codes. The
patch allowed those queries to complete correctly.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 9aa8bf46f6b45ebcd342c09bd3a09ae55f3dd4a8)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16240: (follow-up for 16082) Do not display message if no borrowernumber passed

"This patron does not exist" message should not be displayed on the
"Checkouts home page". The message should only be displayed if the
borrowernumber parameter is passed.

Test plan:
Go on circ/circulation.pl
=> No message
Go on circ/circulation.pl?borrowernumber=424242
=> You should see the message

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit 8ec54c86feb92989807837d71f4c0a5e901e07e3)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16222: (QA followup) Add /api dir for the API

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit a96adaadb2c4bbf54ad8440164b73aa74a38cc96)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16222 - Add REST API folder to Makefile.PL

Add `api` folder to INTRANET_CGI_FOLDER in Makefile.PL so that the new
RESTFul API introduced in bug #13799 works also when installing with make.

Test plan:

- apply patch and do a `perl Makefile.PL` install
- observe that INSTALL_DIR/intranet/cgi-bin now has a folder `api`
containing the swagger files and the api cgi mount, app.pl.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.z>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher <bredan@bywatersolutions.com>
(cherry picked from commit c20c70c99d79c0d02a37a0e41d0e90afb5c69681)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15928 - Show unlinked guarantor

To test:
1 - Add guarantor data to patron account by typing it in but do not 'Set to patron'
2 - Note it is not displayed on patron details
3 - Apply patch
4 - Note the info is displayed
5 - Test that linked guarantors show as expected

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15962: Block the currency deletion if used

A currency should not be deleted if used by a vendor or a basket.

Test plan:
1/ Add a new currency
2/ Create a vendor using this currency
3/ Create a basket using this currency
4/ Try to delete the currency
5/ Delete the basket
6/ Try to delete the currency
7/ Delete the vendor
8/ Delete the currency

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 13871: [QA Follow-up] Add $server for FID_SCREEN_MSG

When you are ready, you still see that small detail.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 617b72a54eb80fd7ea5e55be9484cf1dbf5e292f)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 13871: [QA Follow-up] Adjust Patron Info Request

Conform QA comment, Patron Info request is slightly adjusted to be
consistent with changes to Patron Status request.

If the cardnumber is ok and the password is wrong, BL=N is reported but
also add 'Invalid password' in AF.
Additionally, an invalid card number is reported in AF.

Test plan:
[1] Send patron info request for invalid card.
[2] Idem for valid card, no password.
[3] Idem for valid card, good password.
[4] Idem for valid card, wrong password.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Verified by telnetting SIP server.
And tested additionally with the new unit test of bug 15956.

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit b02aa7c4217ed75c42b95bd6af11a49472737144)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 13871: [QA Follow-up] Adjust Patron Status Request

Conform QA comment on Bugzilla, we do this:

[1] Attribute for overdrive mode/invalid credentials is not really needed.
    We can always pass a screen message that card or password is invalid.
[2] If the cardnumber is correct and the password is wrong, we should
    still honour the request. The bad password is recognized by BLN and
    an additional message in AF.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Verified by telnetting SIP server.
And tested additionally with the new unit test of bug 15956.

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit a32a5c4e0843ec8e08e8c75118f648cbbfdb762c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 13871 - OverDrive message when user authentication fails

NOTE: apply this patch after the additional perltidy patch

this patch is basically a small work-around to fix some confusing login text,
when users enter incorrect auth details via Overdrive's website

with this option disabled (default) there is no change to SIP's behaviour

to test...

1/ configure your overdrive account to talk to your Koha's SIP service

2/ start Koha's SIP

3/ enter a correct username and correct password in overdrive
see overdrive display '(1) Greetings from Koha' (good)

4/ enter a correct username and *incorrect* password in overdrive
see overdrive display '(1) Greetings from Koha' (bad)

5/ enter an incorrect username in overdrive
see overdrive display '(1)' (badder)

6/ apply patch, enable 'overdrive-mode' in Koha's SIPConfig.xml

example...
---------------------
<accounts>
<login id="kohasip" password="xxxxx" delimiter="|"
error-detect="enabled" institution="YYY" overdrive-mode="1" />
</accounts>
---------------------

7/ restart SIP

8/ enter a correct username and correct password
see overdrive display '(1) Greetings from Koha'

9/ enter a correct username and *incorrect* password
see overdrive display '(1) Invalid patron or patron password'

10/ enter an incorrect username and incorrect password
see overdrive display '(1) Invalid patron or patron password'

http://bugs.koha-community.org/show_bug.cgi?id=1387

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 8637627dc9c99b2f1e47b4748c7e4360dbaac5f1)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 13871: [TITLE_AMENDED] Additional changes

The original perltidy patch from Mason has been amended.

The perltidy itself has been moved to a separate patch with the current
perltidyrc applied.

As noted on Bugzilla, the original perltidy patch included some extra
changes:
[1] You prefix timestamp with Sip
    This is not actually needed (it is imported), but if we should prefix it,
    we should prefix now with C4::SIP::Sip. But you only changed two
    occurrences (out of 26). So I remove these two changes.
[2] You remove the $server parameter from two calls of maybe_add:
    A closer look at the remaining code tells me that $server is always
    passed to maybe_add for FID_SCREEN_MSG. So this only left me the
    current whitespace change.
But at least we documented what we did or did not, and why..

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 42e731857d53134f91ecf0099ae6b7c13393166c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 13871: Adjusted perl tidy on MsgType.pm

Run perltidy pro=xt/perltidyrc on the file.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit a5babb0effb760aa1d0d9de83ce8bb690099678c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16133: Translatability of database administrator account warning

This patch removes sentence splitting of the database administrator warning with
a button styled link.

Additionally, it uses the same wording as in the warning on the 'About' page.

To test:

- Apply patch
- Log in to Staff client as database administration user
- Verify that the wording of the warning is the same as on the About page (Tab
  'System information')
- Verify that the link to the patron administration page is styled as a button
  and behaves correctly

NOTE: Actually, the category is irrelevant. But I like the improved message.
      Categories may or may not be set up at the initial log in.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit e53b80dedf91617f9eecb9defd2d6f5222f03d65)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16027 - Use Font Awesome icons in the professional cataloging interface

The professional cataloging interface uses Glyphicons. They should be
replaced with Font Awesome icons.

I have replaced the "Import record" icon as per the discussion on Bug
15966 about which icon better expresses import vs. export.

To test, apply the patch and go to Cataloging -> Advanced editor.

- Confirm that the icons in the toolbar look correct.
- Click the "Macros" button and confirm that toolbar buttons in the
  modal look correct.
- Click the "Advanced" link in the left-hand sidebar and confirm that
  the buttons in that modal look correct.
- Click the "Save" button without adding anything to the blank record.
  Confirm that the "Missing..." error messages are styled with the
  correct icon.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 5fb78052f4e3cd3bb5562fcc2471628438a0fe77)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16025 [Revised] Use Font Awesome icons on item types localization page

The item types localization page uses a Glyphicon. This patch converts
it to a Font Awesome icon.

Also changed in this patch: "Delete" text has been added to the delete
link, and a dummy "href" attribute has been added to the link so that it
triggers the right kind of cursor. The deletion confirmation JavaScript
has been edited to ignore the default click action.

To test, apply the patch and go to Administration -> Item types.

- Edit any existing item type and click the "Translate into other
  languages" link.
- If there is not an existing translation, add one. Close the modal
  window and click the "Translate into other languages" link again to
  redisplay it.
- Confirm that there is a "Delete" link next to your translation which
  is styled correctly.
- Confirm that the behavior of the "Delete" link is correct both when
  confirming and when canceling.

Revision adds the "actions" class to the table cell with the delete link
to prevent a line break between the icon and the text.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit dfb8982ca79595297c7430243ad90b77e21d8a67)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15861: Isolated 'The' in help files untranslatable

Changes made:

help/reports/reports-home.tt
    Line 11: Koha database schema: shows the entire Koha database structure so that you can write effective SQL Queries
    Line 12: Koha reports library: lists reports written by Koha users around the world.

help/rotating_collections/rotatingCollections.tt
    Line 7: Important: AutomaticItemReturn (system preference) must be set to ..

TEST PLAN
---------
1) Log in to staff client
2) Click 'Reports'
3) Click 'Help'
   -- Notice the two lines starting with 'The'
4) Click 'Tools'
5) Click 'Rotating collections' in the Catalog column
6) Click 'Help'
   -- Notice the Important has a 'The'
7) Apply patch
8) Repeat steps 2-6
   -- Notice the wording has changed to eliminate 'The'
9) Run koha qa test tools

Sponsored-by: Catalyst IT

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit b72f9b8c51eb11861b931f193628460e2219a4fc)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16191: t/Ris.t is noisy

TEST PLAN
---------
1) prove t/Ris.t
-- very noisy
2) apply patch
3) prove t/Ris.t
-- just one confusing noise.
4) run koha qa test tools

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 5b909a82693d452d233e95d7598092aa5ee14c17)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16023 - Use Font Awesome icons on audio alerts page

The audio alerts management page uses Glyphicons in a few places. This
patch replaces them with Font Awesome icons.

To test, apply the patch for Bug 15886 if necessary and enable
the AudioAlerts system preference.

- Go to Administration -> Audio alerts
- Confirm that icons for "Edit" and "Delete selected" look correct.
- Edit an existing alert and confirm that the "play" button looks
correct and works correctly.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 5d266693edc042c0a2f795588058ae8b3d12da22)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16047 [Follow-up] Software error on deleting a group with no category code

This follow-up take the original patch a little further, making category
name required on the entry form as well. Without a category name there
is no label in the interface when selecting a category. That doens't
make any sense.

Also changed on the group entry form:

- Added "required" attribute to labels on required fields.
- Changed "Update" submit button label to "Submit."
- Added a "Cancel" link.
- Added the "validated" class to the form so that our built-in
validation script will process it (not strictly necessary but makes
the validation appearance more consistent).

Followed test plan, form displays and behaves as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit df127ebad814ad1710b161b85a69d408de95de85)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16047: Making category code a required field on creating a group

This will prevent users from creating a group without a category code,
which causes a software error when you try to delete it

To test:
1) Go to Admin -> Libraries and groups
2) Create new group without category code
3) Attempt to delete the group you just created and notice software
error
4) Apply patch
5) Create new group without category code
6) Notice you now cannot save the group without putting in a category
code

Sponsored-by: Catalyst IT
Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 577aa86eb96160088c70008bfe85ae2c0820f547)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16029: Hide patron toolbar if patron does not exist

To test:
1) Create a patron, take note of the borrower number
2) Delete the patron
3) Navigate to the page of the patron you just deleted by typing the url (ie /cgi-bin/koha/members/moremember.pl?borrowernumber=X)
4) Confirm that the patron toolbar is not showing on the page
5) The message now has a link that says 'Find another patron?'. Click this link and confirm you are taken to the member home pgae.

Sponsored-by: Catalyst IT

Followed test plan, works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 1870141874667d854f9b5508c563169baefb2328)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15984 - Correct templates which use the phrase "issuing rules"

This patch corrects two places in the templates where the phrase
"issuing rules" is used instead of "circulation and fine rules."

To test, apply the patch and view the help pages for Administration ->
Circulation and fine rules; and Tools -> Automatic item modification by
age. Confirm that the term "circulation and fine rules" is used instead
of "issuing rules."

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 98a9e30f040661e0a67a594f72abd8ab02cf9ad6)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 14076: Do not use CGI->param in list context - opac-authorities-home.pl

See bug 15809 for more info on why we should not use CGI->param in list
context.

Note: I have not found any places where several values for the same
params are passed to this script but, just in case, this patch won't
change this ability.

Test plan:
Do an authority search at the OPAC
Test with several values of the form.
Confirm that the results are always the same before and after this
patch.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>
Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 3fa2b10150a9ea2db2897be1246cba3785c55e55)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15809: Redefine multi_param is CGI < 4.08 is used

On debian Jessie, the CGI version is >= 4.08
Since this version, the param method raise a warning
"CGI::param called in list context".
Indeed, it can cause vulnerability if called in list context

https://metacpan.org/pod/CGI#Fetching-the-value-or-values-of-a-single-named-parameter
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/

There is a long journey to get rid of these warnings.
First I suggest to redefine the multi_param method when the CGI version
installed is < 4.08, it will allow us to move the wrong ->param calls to
->multi_param without waiting for everybody to upgrade.

The different ways to call these 2 methods are:

my $foo = $cgi->param('foo'); # OK

my @foo = $cgi->param('foo'); # NOK, will raise the warning
my @foo = $cgi->multi_param('foo'); #OK

$template->param( foo => $cgi->param('foo') ); # NOK, will raise the warning
# and vulnerable
$template->param( foo => scalar $cgi->param('foo') ); # OK

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Tested a call to multi_param with CGI < 4.08.
With reference to the comments on Bugzilla, this workaround is arguable,
but provides a base to move to multi_param. If we come up with a better
solution, it should be easy to adjust.

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 94dde6b48d6e20a5260ea49f9b98ec884c2c25b5)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15421: Show 'Duplicate' and 'Schedule' on Reports toolbar

To test:
1) Go to Reports -> Use saved
2) Click 'Show' on the dropdown for any report
3) Confirm that 'Duplicate and 'Schedule' are now on the toolbar and work as expected

Sponsored-by: Catalyst IT

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit a9d7292a103918ecddcfabc430ea07cdd3513148)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16184 - Report bor_issues_top shows incorrect number of rows

TEST PLAN
---------
1) Have at least 6 patrons with checkouts and some checkins.
2) Reports -> Patrons with the most checkouts
3) Click 'Submit' (default is 5)
   -- more than 5 entries listed.
4) Apply patch
5) Refresh page
   -- only 5 entries listed.
6) Run koha qa test tools

NOTE: While this works, I'd be much happier with a refactor
      as it would also speed up the report. See comment #5.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 2c68980467009a9d19116440d4f28356707e9e7c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16171 - Show many media in html5media tabs

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit c2f92f68d84753d62880e17e9d1bd19c8b9bff47)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16143: Make opac-shelves.pl generate OPAC itype images path

This patch makes icons point to the OPAC path instead of intranet's.

To test:
- On current master/3.22.x
- Have some itemtypes with icons set
- Have some biblios matching the itemtypes
- Add them to a public list
- Do a search in the OPAC for any of those biblios
=> SUCCESS: icons show correctly
- Choose the list
=> FAIL: icons fail to show, URL points to /intranet-tmpl/....
- Apply the patch, reload
=> SUCCESS: icons show correctly
- Sign off :-D

Sponsored-by: American Numismatic Society

NOTE: I had to set item-level_itypes to 'biblio record'
in order to trigger this. My icon's showed, but the
path was wrong. This patch corrects it.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 630301673605733429c4ae79e125053cf4169376)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16134: t::lib::Mocks::mock_preference should be case-insensitive

Test plan:
1. prove t/db_dependent/Auth_with_cas.t => FAIL
2. Apply patch
3. prove t/db_dependent/Auth_with_cas.t => SUCCESS

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 300bf096bda90a0f17c6615798957fa7f588b36e)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15888 - Syndetics Reviews preference should not enable LibraryThing reviews

To test:
1 - Enable Syndetics Reviews without a LibraryThing ID
2 - Check page source and note you have a stanza for LTFL tabbed reveiws
3 - Apply patch
4 - Reload page and note LTFL tabbed reviews are not present
5 - Enter a LibraryThing ID and not the tab is restored.

Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 541a03cf6daace451f78e614b8019382dcd52acc)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15868: Ask for confirmation when deleting a MMT action

Test plan:
Create marc modification template
Add an action
Delete it
With this patch you must get a confirmation mesg

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15866: Add confirm message for deleting rotating collection from toolbar

To test:
1) Go to Tools -> Rotating Collections
2) Click on any rotating collection ('Add or remove items' from drop down menu)
3) Click 'Delete' from toolbar. Validate you are now asked to confirm your deletion. Check that cancel works, then check that confirm works.

Sponsored-by: Catalyst IT

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
I've added the word 'rotating' before collection, to make
it clear for translators what is meant here.

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit a48d166bbf506287355c9fceea2633159308c530)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15838 - Subscription duplicating: Reset fields from SubscriptionDuplicateDroppedInput syspef by getting them using name instead of id

How I tested:
Verified bug with start and end date (were not cleared without patch).
After applying the patch all fields defined in SubscriptionDuplicateDroppedInput
were cleared as expected.

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 873a49f13b79bf1f5f7163f217cfc3a317ce602f)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16214: Fix typo 'To.jon' -> 'To.json'

Bug 15722 introduces a regression in serials patron search results,
causing the surname to not be displayed

To reproduce:
1. Create a routing list for a subscription
2. Click on "Add recipients" button
3. Run a search
4. Check that surname is not displayed

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit e916ded09756ba4902a25e9e68fe536614419c87)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15722: Escape patron infos for JSON in patron searches

If patron infos contain invalid JSON chars (\t for instance), the
results won't appear.
The solution is to escape these info.

Test plan:
Edit patron infos in DB (update borrowers set surname="foobar\t" where
borrowernumber=42)
Search for foobar (you should have more than 1 result)
Without this patch, DT retrieves a bad formatted JSON and the results
won't appear.
With this patch, the table result appears

Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit cd20b61a7c845110e518e6dedc12ac50efebe4aa)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16185: t/db_dependent/Reports_Guided.t is failing

TEST PLAN
---------
1) prove t/db_dependent/Reports_Guided.t
   -- fails
   -- note the failure has a scalar function-like bracketing
2) apply patch
3) prove t/db_dependent/Reports_Guided.t
   -- passes
4) git diff origin/master
   -- note all scalars have been changed to not have
      function-like brackets which could be incorrectly
      parsed.
5) run koha qa test tools

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 42d065937627a705b813eba577f519416f356d99)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15773: Fix and standardise checkboxes code in framework

When creating a new subfield for an authority framework, the checkboxes
don't behave as they should.
If you click on the 'repeatable', 'mandatory' or 'is url' checkbox's
label, the checkbox from the second tab will be checked/unchecked.
This is caused by a non-unique id of the input element.

I have found this bug when working on the removal of CGI::checkbox in
both admin/auth_subfields_structure.pl and
admin/marc_subfields_structure.pl scripts.

This patch remove the use of CGI::checkbox as well as the generation of
html code from these 2 pl scripts (which should be avoided).
The code these scripts are now pretty similar.

Test plan:
Add/modify/remove subfield for a MARC framework and an Authority
framework.
Use as many field as possible and confirm that the values are correctly
inserted/displayed.

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 39597b86ae299a9b4c0c1e8221f51f9e8dd300ed)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15745: C4::Matcher gets CCL parsing error if term contains ? (question mark)

Signed-off-by: Olli-Antti Kivilahti <olli-antti.kivilahti@jns.fi>

Also fixes ! and +
Rebased to master
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
It makes perfect sense and works as expected. This part of the code is too
under-tested so no point requiring a regression test for such a simple change.

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit fcbd81049f590e5fc0c31030bcdb1311951c1444)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15741: Fix rounding in total fines calculations

C4::Members::GetMemberAccountRecords wrongly casts float to integer
It's common to use sprintf in Perl to do this job.

% perl -e 'print int(1000*64.60)."\n"';
64599
% perl -e 'print sprintf("%.0f", 1000*64.60)."\n"';
64600

Test plan:
1) Create manual invoice for 64.60 (or 1.14, 1.36, ...)
2) Try to pay it using "Pay amount" or "Pay selected" buttons

Signed-off-by: Sally Healey <sally.healey@cheshiresharedservices.gov.uk>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 92fbb1f3d0f2bdb070a1b647c96edbce5b28a377)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15741: (regression tests) Rounding is not calculated correctly

Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit f1e1eaa32870a5954a1151973bae3dbe3f3b8122)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15323: Use fixtures for the active currency

  prove t/Prices.t
fails after bug 15084 has been pushed
It's caused by
  commit 1538e9ecf47642c4974693ff499c3e95e4d71977
    Bug 15084: Replace C4::Budgets::GetCurrencies with
    Koha::Acquisition::Currencies->search

Koha::Number::Price->_format_params calls
Koha::Acquisition::Currencies->get_active, which requests the DB.
The currency data should be mocked.

Test plan:
sudo service mysql stop
prove t/Prices.t
should return green

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Patch works as expected and passes the qa-tools tests.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 0a14e22d59343475ed6970b82b474a80e43d8e29)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 14441: TrackClicks cuts off/breaks URLs (XSLT)

Same test plan as previous patch, but for opac defail and result using
the XSLT views.

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
I am amazed!

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit ee0abde76e78713233a9fcd31fbb6f80b5a9610c)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 14441 - TrackClicks cuts off/breaks URLs

to test...

1/ set TrackClicks syspref to 'track'

2/ add a problematic multipart url to an item's 'url' field
example url: http://foo.corg?key1=val1&key2=val2

3/ test url in opac-detail.pl - url is corrupt

4/ apply patch - url is corrct

Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Only fixes the item URLs - a follow-up for the URLs
in the bibliographic record (856 for MARC21) is still
needed.

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit de2a298a0623408c064ed0edbe47795740c814f4)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 14158: www search tests - Cleanup at the end

When something wrong happen, the parent process is waiting for the
children to finish, but they have been zombified and the test hangs.

To fix that, we should ensure that the cleanup is correctly done and
that the processes are correctly killed.

Test plan:
export KOHA_USER=koha
export KOHA_PASS=koha
export KOHA_INTRANET_URL=http://do_not_exist_but_its_expected
export KOHA_OPAC_URL=http://another_url
prove t/db_dependent/www/search_utf8.t

Without this patch, the tests will hang
With the patch applied, they won't!

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 8255a18edc9c2eee52b01bfa20114b088b9bf555)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 11498 - Prevent bypassing sco timeout with print dialog

This patch prevents bypassing the self check timeout with the print dialog.

To test:
- Set syspref 'WebVasedSelfCheck' to 'Enable'
- Set syspref 'SelfCheckoutReceivePrompt' to 'Show'
- Set syspref 'SelfCheckTimeout' to 20 seconds
- Apply patch
- Go to SCO page (/cgi-bin/koha/sco/sco-main.pl)
- Enter card number
- Click 'Finish'. Dialog "Would you like to pritn a receipt?' appears.
- Confirm printing without waiting 20 seconds
  => Result: Print slip, SCO page shows 'Please enter your card number'
- Enter card number again
- Click 'Finish'. Dialog "Would you like to pritn a receipt?' appears.
- Wait > 20 seconds (value of SelfCheckTimeout) and then confirm.
  => Result: Message appears "Timeout while waiting for print confirmation"
- Click on OK.
  => Result: Self checkout page refreshes (shows 'Please enter your card number')

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

https://bugs.koha-community.org/show_bug.cgi?id=11497

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 7f8037f642913d94ebec70413c6fd8cadfdf938d)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16138: Restart plack when rotating logfiles

On log rotation Starman/Plack keeps failing (Auth.pm related problems)
due to permission issues:

Could not compile /usr/share/koha/opac/cgi-bin/opac/opac-search.pl: Can't locate Authen/CAS/Client/Response/Failure.pm
: ./Authen/CAS/Client/Response/Failure.pm: Permission denied at /usr/share/perl/5.20/base.pm line 97.
...propagated at /usr/share/perl/5.20/base.pm line 106.
BEGIN failed--compilation aborted at /usr/share/perl5/Authen/CAS/Client/Response.pm line 68.
Compilation failed in require at /usr/share/perl5/Authen/CAS/Client.pm line 8.
BEGIN failed--compilation aborted at /usr/share/perl5/Authen/CAS/Client.pm line 8.
Compilation failed in require at /usr/share/koha/lib/C4/Auth_with_cas.pm line 25.
BEGIN failed--compilation aborted at /usr/share/koha/lib/C4/Auth_with_cas.pm line 25.
Compilation failed in require at /usr/share/koha/lib/C4/Auth.pm line 63.
BEGIN failed--compilation aborted at /usr/share/koha/lib/C4/Auth.pm line 90.
Compilation failed in require at /usr/share/koha/opac/cgi-bin/opac/opac-search.pl line 34.
BEGIN failed--compilation aborted at /usr/share/koha/opac/cgi-bin/opac/opac-search.pl line 34.

As we do with zebra daemons, starman should be restarted as it doesn't
handle log file rotation gracefully[1].

I'm not sure how to reproduce it on a dev environment.

[1] https://github.com/miyagawa/Starman/issues/55

Signed-off-by: Mirko Tietgen <mirko@abunchofthings.net>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 93efeab13e25aea7e467b112983536833c69ceea)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16068: Do not cache overridden prefs

These prefs do not need to be cached, a quick access to $ENV permit to
get the value.

Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 6e8d24231c03775422f403a76ca41ccf22f40558)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15967: Use the email template if the print template does not exist

From commit 581759e985c170db0edb4a895cda641930e5ac11
Bug 14133: Print notices should be generated with the print
template

"""
IMPORTANT NOTE: This test plan does not take into account the notices
generated for the staff ("These messages were not sent directly to the
patrons."). However the behavior will also change, the print template
will be used in all cases. Is it what we want?
"""

Yes, it is what we want. But if the print template does not exist, the
notice is not generated, we'd like to get the email template instead.

Test plan:
- Remove the print template for the letter you use for overdues
- Define an overdue rule to send an email
- Remove the email address for the patron which has overdues
- Execute the overdue_notices script
The staff should get an email notice and a print notice (using the
email template) should be generated for the patron

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit ea4a2436e274d8f0a5082ef6b6944c400ad69d88)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15967: Fix regression from bug 14133 - notify the library if patron is not

Regression introduced by bug 14133, see but 14133 comment 13.

Test plan:
Without this patch applied, if a patron cannot be notified (no email
address or sms number), the print notice generated for the library was
not.
With this patch applied, the print notice should be generated using the
print template

Signed-off-by: Nick Clemens <nick@bywatersolutions.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit faaa2cbcdb1970866be4f8a7001bf2de305823a9)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 14633: Patch to control.ini to add or dependency to libapache2-mpm-itk

The other attachment was not a patch which could be applied by
'git bz'. This corrects that.

Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>

debian/update-control will need to be run after this is applied, but
it works well
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit aa66debec6fcdbdadd643386749a61229167aa62)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16082: Display a friendly "patron does not exist" message if that's the case - circulation.pl

The major part of pages you can access from a patron detail page (menu)
does not take into consideration the 'patron does not exist' case.
If the borrowernumber is linked to a deleted patron, a friendly message
should be displayed instead of an empty patron detail page.

Test plan:
Go on circ/circulation.pl?borrowernumber=424242
and circ/circulation.pl?borrowernumber=424242&batch=1
Notice the difference before and after this patch

Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 7aedcf643e6f7793b4ebf55b1c7cdec7ec04a25d)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16040: Update fnReloadAjax DT plugin to fix quotes deletion

When deleting quotes, the table is not regenerated and a JS error is
raised.
That is because we are not using an up-to-date plugin

Test plan:
Delete a quote and confirm you do not get a JS error

Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 908a751e2cadcda0ceafa2efdd2cf0104a323467)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15713: Restart zebra when rotating logfiles

Somehow, it may happen that Zebra keeps writing to the old rotated logfile
with extension .log.1. I must add that although I saw that happen (a new
log was created and was empty, while Zebra kept writing to log.1 for weeks),
I cannot reproduce it every time.

By stopping the zebra server in prerotate and starting it again in
postrotate, this should not happen at all. In practice, this implies that
your Zebra server is restarted once a week.

Note: The existing sharedscripts directive makes sure that these actions
are not executed for all individual logfiles but once for all matching
logfiles (even when running multiple instances).

Test plan:
[1] Apply the change in koha-common.logrotate to the file
    /etc/logrotate.d/koha-common.
[2] Run logrotate -f /etc/logrotate.conf (forcing a logrotate).
[3] Check in zebra-error.log that your zebra server was stopped
    ('killed by signal 15').
[4] Verify that your Zebra server runs (read: has been restarted).
    (Do a search..)

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit af47f00636848e1115b08652abcaec6b789bf672)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 14614: Multiple URLs (856) in cart/list email are broken

To reproduce:
- Add multiple subfields 856 u to a bilbio
- Add this biblio to a cart and send it as mail
(from Staff client and from OPAC)
Result: Links in mail body are broken

To test
- Apply patch
- Send carts again (from Staff client and from OPAC)
- Result: In mail body, links display separated with blank-pipe-blank
like http://bla.com | http://blabla.com | http://blablabla.com
- Change one of the 856 u to not to be a link, e.g. äöü
- Send carts again
- Verify that in mail body äöü correctly display as text.

(Amended to make it work for OPAC as well, MV)

Signed-off-by: Owen Leonard <oleonard@myacpl.org>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit d135499d2893fe1000c627f433395989d7d9e022)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16151: Restore the ability to place holds from lists at the OPAC

This patch fixes a bug introduced by bug 14544.
Holds can not be placed from lists at the OPAC, the action results in a
crash:
Can't call method "field" on an undefined value at
/home/koha/src/C4/Items.pm line 1504.
at /home/koha/src/opac/opac-reserve.pl line 601

Before 14544, the checkboxes were named 'ACT-$BIBNUM', something like
REM-4242. Now we can retrieve the biblionumber from the value.

Test plan:
Select a public list
check some titles and click on the 'Place hold' link
you should able to process the reservation

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>

Signed-off-by: Brendan A Gallagher <brendan@bywatersolutions.com>
(cherry picked from commit 1ae64b97b39f5554e2d2360de9582a3e445854c5)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15889: LDAP authentication: Only update mapped attributes

Test plan:

- Update your configuration file to use LDAP authentication and enable update
(<update>1</update>) option,
- login with an existing user with extended attrbitutes that are not in
LDAP mapping,
- check that all attributes are still here.

Signed-off-by: Chris <chrisc@catalyst.net.nz>

Signed-off-by: Philippe Blouin <philippe.blouin@inlibro.com>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>
(cherry picked from commit c74678a1d239aaf91906039ccb3db940df4a0b41)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16084: [QA Follow-up] Correct three occurrences of __KOHA_CONF_DIR__

This bug correctly inserts substitutions for this variable.
Four occurrences will now be changed. The line for log4perl.conf is now
correct, but the three other changes point to a location that does not
exist: /etc/koha/sites/$instance/zebradb.
That should just be: /etc/koha/zebradb.
All three cases concern the explain files.

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit aa369c80c15b1699ddb89794c04bf0c3c0451b91)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16084: log4perl.conf not properly set on packages

- Run koha-create to create an instance or just fire kohadevbox:ansible
=> FAIL: Notice the instance's koha-conf.xml points to __KOHA_CONF_DIR__
instead of /etc/koha/sites/kohadev/ on the log4perl entry.
=> FAIL: the /etc/koha/sites/kohadev/log4perl.conf contains __LOG_DIR__
instead of /var/log/koha/kohadev/
- Apply this patch and pick the koha-conf-site.xml.in and koha-create files
- Create a new instance
=> SUCCESS: All placeholders are filled correctly.
- Sign off

Regards

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 360cdea29559d84d1f82f0e1e102f18fc8475bb4)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16146 - ACQ: Previewed records in Z39.50 search results are wrong

For 3.22.x only:

This patch fixes a bug which was fixed in cataloging by Bug 6367 and
fixed in master by Bug 15318. A misplaced line of JavaScript means that
the popup menu of options shown when clicking in a table cell links to
the wrong record.

To test:

1. Apply the patch and navigate to Acquisitions.
2. Locate an exsiting basket or create a new one.
3. Add to the basket using the option to order from an external source..
4. Perform a search which will return multiple results.
5. Test the "MARC" and "Card" links for multiple results and confirm
   that the correct data is shown each time.
6. Click anywhere in the results table to show the hidden menu and test
   the "Preview MARC," "Preview card," and "Order" links it displays,
   confirming that the actions complete using the correct record.

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Increment version for 3.22.5 release

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Translation updates for Koha 3.22.05

New languages: Interlingua, Inuktitut and Inuinnaqtun

Signed-off-by: Bernardo Gonzalez Kriegel <bgkriegel@gmail.com>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Update release notes for 3.22.5 release

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Change syspref case to make tests pass

Regression due to bug 11998

Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16106 Correct loose to lose in comment

Comment was using incorrect (but similarly spelled) word, obscuring
the meaning slightly. Also corrected the release note altering the
grammar there additionally as it should have been 3rd person singular
so that it now reads more clearly

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 515e2d7c9d2b5afe3f7c0618596f1d9e5e699315)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15119: Hide search header text boxes on render

When the page rendering is slow or the page is heavy, the tabs in the
header shown be not correctly displayed as tabs.

This patch suggests to hide them, display the first one, and wait for
the JS code to display them nicely.

To easily reproduced the ergonomic issue, go on the circulation home
page (/cgi-bin/koha/circ/circulation.pl) and search for a patron 'a' or
'd', you will get a lot of result and the page will be slow to be fully
displayed.

Signed-off-by: Hector Castro <hector.hecaxmmx@gmail.com>
Works as advertised

Signed-off-by: Owen Leonard <oleonard@myacpl.org>

Signed-off-by: Christopher Brannon <cbrannon@cdalibrary.org>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 70eedf2217e1bfde1c56bc77c8dd0dc039124f47)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15946 Valid namespace for OAI marcxml schema (3.22/3.20)

As the patch for master, this patch apply on 3.22 (and 3.20 probably).

This path fixes the value of xml schema variable and the link to Library
of Congress.  For Dublin Core format those values are defined in
UNIMARCslim2OAIDC.xsl and MARC21slim2OAIDC.xsl.  For MARCXML those
values are written into the code

To test it:
1) Setup OAI-PMH
2) Test the site inserting the BaseURL into http://validator.oaipmh.com
3) See the problem with ListMetadataFormats [link:
   http://validator.oaipmh.com/#ListMetadataFormats] 4) Insert the patch
5) See the problem is over

Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
  Invalid before patch, valid after.

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Bug 16013: Make classification sources deletable

Because of a wrong variable scope, the classification sources are not
deletable.

Test plan:
Create a classification sources (admin/classsources.pl)
Try to delete it
Without this patch, the classification source won't be deleted
With this patch, it will work!

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit f6463317db08b9a4218ad94a2d191a5f5216c8c5)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15997 - Hold Ratios for ordered items doesn't count orders where AcqCreateItem is set to 'receiving'

Currently, the hold ratios script only counts on order items where the
record item is created at the time the order is placed, and not if the
item is created when the item is received.

Test Plan:
1) Set AcqCreateItem to recieving
2) Run the hold ratios report with "include ordered" checked
3) From aquisitions, order some additional items for the record
4) Re-run the hold ratios report, not there is no change in the ratio
for that record
5) Apply this patch
6) Re-run the hold ratios reporat again, the ratio should now have
changed

Signed-off-by: Srdjan <srdjan@catalyst.net.nz>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 7e1ccbd6069658540dd352f63ade3ef7b19de282)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 16095: Remove target="_blank" when a link refer to an external link

If you click on a link that opens a new tab/window to another site, that tab
has access to the original window through JavaScript. The browsing context is
related, even if the domains are totally different.

The tab retains access to the original window's object via window.opener, even
if you navigate to another page or domain, in the new or original window.
Access to the Window object means the new window can use Window.location to
open a different URL in the original window, perfect for phishing attacks.

Depending on the site's Same-Origin Policy settings, the new window may have
access to other parts of the original window's DOM as well.

Any 'A HREF' that contains a target of of '_blank' or '_new' or a fixed name
is vulnerable. Previous security best practice often suggested creating a random
fixed name for an unpredictable namespace - that won't help with this problem!
Targets of '_self' and '_parent' are safe.

We do not use _new (at first glance) but several _blank. Some are used
to refer internal url, we do not need to update or remove them. Others
are used to satisfy OPACURLOpenInNewWindow, in these case, we should add
the rel="noreferrer" attribute to the a tags.
In other cases, we can simply remove them and let the users discover
that a mouse has more than one button (we are in 2016, they can do it!)

Signed-off-by: Chris <chrisc@catalyst.net.nz>

Signed-off-by: Jesse Weaver <jweaver@bywatersolutions.com>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 6c1b39b4cbceb1a414a91865e15612385c2eb5b7)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 15840: Catch errors if userid already exists when importing patrons

Import borrowers tool explodes if userid already exists. This error
should be caught to avoid the script to explodes.

TEST PLAN
---------
1) back up DB
2) drop DB, create empty DB
3) Apply patch 15842
4) web install all the sample data
5) login as system user and import patron data
   -- sample provided to trigger error.
   -- you will get a DBIx::class exception
      "Duplicate entry ' for key 'userid'"
6) Apply this patch
7) Repeat steps 2-5
   -- patrons won't be inserted but an error
      will be nicely displayed in the error list.
8) run koha qa test tools

Note that it would be easy to insert the patrons anyway and generate a
userid based on the surname and firstname.

Signed-off-by: Mark Tompsett <mtompset@hotmail.com>

Signed-off-by: Katrin Fischer <katrin.fischer.83@web.de>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit f1e156453a1bc636914bc5c969e1665d7108cb95)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 11998: Clear L1 cache from psgi files

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 55b78f1a5dbbff5a790971e2f5a99ebdd6a3f18a)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 11998: Add a L1 cache for sysprefs

Accessing to the cache for each call to C4::Context->preference might
have an impact on performances.
To avoid that this patch introduces a L1 cache (simple hashref). It will
be populated by accessing the L2 cache (Koha::Cache).
If a pref is retrieved 10x, the first one will get the value from the L2
cache, then the L1 cache will be check.
To do so we will need to clear the L1 cache every time a page is loaded.

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 47fbbb7cf5e7ef2f9ef422e2fd9232066100a64b)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 11998: follow-up for the debian package psgi file

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit 2eaf2cd71b9620c0d5782c7c78f86a5e323c89a4)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>

Bug 11998: Revert "Bug 13805: (Plack) Disable syspref cache"

This reverts commit ca00f0ddaeb76106b4aa274fd1848844ae042f58.

Bug 13805 fixes an installer bug by disabling the syspref cache.
It was not a good idea, it introduced performance issues (see bug 13805
comment 14).

Test plan:
Test plan:
0/ Create a new database and fill the database entry in the koha conf
with its name
1/ Go on the mainpage, you should be redirected to the installer
2/ Try to log in
You should not get the login form again.

Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Signed-off-by: Jacek Ablewicz <abl@biblos.pk.edu.pl>
Test plan not followed by me for this patch, due to lack of working
plack setup, but I don't expect it to cause any problems, and performace
gain for plack will be tremendous

Signed-off-by: Brendan Gallagher brendan@bywatersolutions.com
(cherry picked from commit d4039ce09347c342f8ac048814ee10b47819df48)
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>