This patch escapes various GET param values by passing them through
the Template Toolkit html filter, including:
* in the locale picker
* in the searchbar
* in the login form
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Conflicts:
Open-ILS/src/templates/opac/parts/searchbar.tt2
Dan Wells [Tue, 18 Apr 2017 15:06:03 +0000 (11:06 -0400)]
LP#1670407 Add tests for xact_finish close/re-open
Since this bug came about due to negative balance changes (and it was
easier), this commit extends the existing negative balances test suite
to include basic tests for checking both xact_finish conditions.
One of these tests fails without the fix from the previous commit.
Avoid re-closing a circulation that was re-opened during checkin because
it acquired a non-zero balance. This is typically caused by, for
example, voiding a lost item fee during checkin and/or generating
overdues for lost-then-found items.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Ben Shum [Tue, 21 Mar 2017 13:37:48 +0000 (09:37 -0400)]
Docs: README to include Debian for changing ownership of /var/lock/apache2
Minor tweak to also include Debian among distributions where it might
be necessary to change ownership of /var/lock/apache2 to opensrf user.
Previously this had been Ubuntu only issue, but has since been encountered
during new Debian installations.
LP#1586567 Always return Fund Years sorted descending
Currently, fund year selectors in Acq interfaces (at least Acq Admin ->
Funds, and Acq -> Load MARC Order Records) show the fund years in
database order. This commit adds a descending sort to the perl function
that retrieves fund years for those interfaces. It also removes the
unsuccessful attempt at sorting that was present in the dojo code.
Jason Etheridge [Wed, 2 Nov 2016 18:28:08 +0000 (14:28 -0400)]
lp1261835 stop colliding bill UI refreshes
for want of promises in Angular :)
population of the bill list in this implementation is asynchronous, but the rest
of the refresh action is not, and it's sadly being invoked multiple times. There
are different ways to fix this, but using a semaphore seems to work.
Signed-off-by: Jason Etheridge <jason@esilibrary.com> Signed-off-by: Dawn Dale <ddale@georgialibraries.org> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Dan Wells [Wed, 2 Nov 2016 18:35:16 +0000 (14:35 -0400)]
LP#1175293 Use filtered fund dropdown in funding source interface
The exising interface for allocating to funds from a funding source
view lists all funds by code only. Since many (most?) orgs reuse
fund codes year to year, you eventually end up with a bunch of
dupes you cannot tell apart.
Let's "borrow" an AutoFieldWidget to do the heavy lifting of creating
a filtered list of active funds, and include the year for further
user validation.
This is inspired by a few other fund dropdowns, but may not be the
best overall solution.
Signed-off-by: Dan Wells <dbw2@calvin.edu> Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Bill Erickson [Tue, 28 Feb 2017 16:33:25 +0000 (11:33 -0500)]
LP#1668682 Checkout holds fullfill ignores expire time
Checking out a hold-captured item for a hold whose expire time is in the
past, but has not yet been canceled by the hold targeter, now marks the
hold as fulfilled.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
The SuperCat transform methods for records retrieved by record ID or ISBN call
toString on the XSLT output object, which results in a byte string and thus
corrupted output. Instead, call output_as_chars() on the stylesheet object to
generate a character string and avoid corruption.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
In moving from the deprecated XML::LibXSLT::output_string() to output_as_chars(),
add a regression test to ensure that we do not suffer from corrputed encoding
output in the future.
We test both the case where an output encoding has been explicitly declared,
as well as the case where an output encoding has not been explicitly declared.
It was this subtle difference that was causing the problem with output_string().
Signed-off-by: Dan Scott <dan@coffeecode.net> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Dan Scott [Fri, 3 Mar 2017 06:40:19 +0000 (01:40 -0500)]
LP#1442276 Prevent corrupted Unicode chars in MARCTXT and RIS
The MARCTXT and RIS feeds use the deprecated XML::LibXSLT::output_string()
method which, depending on the stylesheet, generated either a byte string
or characters. Using output_as_bytes() ensures it is always a byte string
and avoids the resulting MARCTXT and RIS output from corrupting Unicode
characters.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
The XML::LibXSLT::output_string() method was deprecated in favour of
output_as_bytes() and output_as_chars(). The latter always generates
UTF8 output as characters, which is what we need, while output_string()
behaviour depended on the stylesheet.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Jeff Davis [Fri, 27 May 2016 20:10:29 +0000 (13:10 -0700)]
LP#1576435: Include inactive patrons on patron reg duplicate search in web client
Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca> Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Jeff Davis [Sun, 24 Apr 2016 02:12:27 +0000 (19:12 -0700)]
LP#1576435: Force "Include inactive patrons?" on patron reg duplicate search
In the XUL client, duplicate patron checking in the patron registration
interface now includes inactive patrons (see LP#1217052). However, if
you click on the link "Found X patron(s) with the same name," the
resulting patron search does not always include inactive patrons by
default (instead, the value of the "Include inactive patrons?" checkbox
is cached from your last patron search, as usual).
To prevent user confusion in this scenario, this commit forces the
linked patron search in the XUL client to always include inactive
patrons.
Signed-off-by: Jeff Davis <jdavis@sitka.bclibraries.ca> Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Dan Scott [Wed, 22 Feb 2017 16:29:21 +0000 (11:29 -0500)]
LP1584891: Export MARC holdings with UTF8 subfields
The --items option of marc_export adds a new MARC 852 field with a
number of subfields that it retrieves from the database. If those
subfields (such as call number, copy location, etc) contain Unicode
characters, then we need to decode the incoming UTF8 characters
when adding the subfield values to avoid corrupting the MARC.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Galen Charlton [Fri, 24 Feb 2017 23:04:29 +0000 (18:04 -0500)]
LP#1667835: avoid edi_fetcher.pl crash upon fetching zero-length file
This patch fixes an issue that could cause edi_fetcher.pl to crash
if the EDI partner supplies a zero-length file for Net::FTP to
download; such files are now skipped.
Testing would entail setting up an FTP server that contains a
zero-length file, then setting up an EDI remote account and
using edi_fetcher.pl to try to retrieve the file.
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org> Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Jason Stephenson <jason@sigio.com>
Jason Boyer [Mon, 13 Feb 2017 21:59:01 +0000 (16:59 -0500)]
LP1371772: Correct Escape of Library Info URL
Using the url filter in TT2 causes named anchors to
be escaped in such a way that urls including them
will likely return a 404. Since the url is being
used in an html document, the html filter is
sufficient and allows the url to work as intended.
Signed-off-by: Jason Boyer <jboyer@library.in.gov> Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Michele Morgan [Tue, 7 Feb 2017 18:21:48 +0000 (13:21 -0500)]
LP#1661754 - Prevent staff users from marking a Long Overdue item Lost
Prevents circulations that are already Lost or Long Overdue from being
marked Lost or Long Overdue. Avoiding patrons being billed twice for the
same item.
Signed-off-by: Michele Morgan <mmorgan@noblenet.org> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
Bill Erickson [Tue, 14 Feb 2017 15:53:54 +0000 (10:53 -0500)]
LP#1662902: do not re-download EDI files that failed parsing
Avoid fetching and creating edi_message entries for EDI messages that
the system cannot parse.
In the event parsing failed due to a temporary condition (e.g. Ruby
translator was not running), messages can be reprocessed by either
deleting the offending edi_message row or setting its status to 'retry'.
See previous commit ("LP#1662902: do not re-download EDI files that
failed processing") for a more detailed explanation.
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Galen Charlton [Thu, 9 Feb 2017 17:24:35 +0000 (12:24 -0500)]
LP#1662902: do not re-download EDI files that failed processing
At present, the EDI fetcher ignores files (as determined by file
name and EDI account details) that were already successfully
processed. With this patch, ones that failed processing (e.g.,
acq.edi_message.state = 'proc_error') previously are ignored
as well.
This is because most processing errors reflect conditions that
require some sort of manual intervention on the part of the materials
vendor or the Evergreen user; having edi_fetcher.pl simply redownload
and attempt to process the file has no effect other than causing
the acq.edi_message table to grow.
With this patch, the appearance of rows in acq.edi_message whose
state is 'proc_error' should be taken as a signal to the Evergreen
admin to investigate and resolve whatever issue caused the
message to not be processed; after doing that, removing the
acq.edi_message rows will allow the file to be downloaded again
(assuming it's still available on the file server).
To test
-------
[1] Arrange to create or simulate an EDI message that failed
processing.
[2] Run edi_fetcher.pl to have it attempt to download the
failed message in step #1; verify that the file is
/not/ downloaded again and that no additonal acq.edi_message
rows are created for it.
Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org> Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Unprivileged users can retrieve organizational unit setting values
for setting types lacking a "view" permission. When the feature adding
Stripe credit card processing was added, the upgrade script neglected to
add the VIEW_CREDIT_CARD_PROCESSING permission to the organizational unit
setting type (which was included in 0396.data.org-setting-payflowpro.sql).
Fresh installs are not affected, but anyone who upgraded through 0863.data.stripe-payments.sql
(included in the 2.5.3-2.6.0-upgrade-db.sql version upgrade script) and is
using Stripe credit card processing should run this script.
Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Jason Stephenson <jason@sigio.com> Signed-off-by: Galen Charlton <gmc@equinoxinitiative.org>
Jason Stephenson [Tue, 22 Nov 2016 19:35:58 +0000 (14:35 -0500)]
LP 1473054: No-op Checkin Should Not Always Float a Floating Copy.
Prior to this patch, a no-op checkin would not check if a copy should
float using the evergreen.can_float() function. It would simply float
the copy to the org_unit where the checkin happened if the copy had a
float value set.
This commit changes the behavior to use evergreen.can_float() to
determine if the copy should float to the org_unit where the checkin
happened. This change makes the behavior consistent with a regular
checkin.
Bill Erickson [Tue, 3 Jan 2017 16:59:26 +0000 (11:59 -0500)]
LP#1653742 Copy tree authoritative API share cstores
Avoid opening one cstore connection per requested org unit in the
open-ils.cat.asset.copy_tree.retrieve.authoritative API by creating a
single shared cstore connection at the top of the API shared by all
API actions.
Kathy Lussier [Fri, 6 Jan 2017 16:13:26 +0000 (11:13 -0500)]
LP#1654534: Prevent loop that occurs when staff us 'place another hold' link
A hidden field that tracked the page the user was on before placing a hold was
inadvertently removed in another bug fix. As a result, if staff used the link
to place another hold on the same title, they were stuck in a loop where they
couldn't return to the source page after hitting the 'continue' button. This
commit restores that hidden field.
Also provides a fix so that hold labels used in the place another hold link
can be translated.
Signed-off-by: Kathy Lussier <klussier@masslnc.org> Signed-off-by: Ben Shum <ben@evergreener.net>
Precat checkout in the browser client no longer
requires the use of a circ modifier(when circ
modifiers exist). Similarly, no circ modifier
is chosen by default.
Mike Rylander [Tue, 31 Jan 2017 17:35:05 +0000 (12:35 -0500)]
LP#1660059: Protect against null value in group field
If a nullable event grouping field is configured, and a null value is indeed
encountered when pulling together events, the Action/Trigger code will exit
unceremoniously. To prevent this, we will now collect events with either
a null grouping object or grouping field, and use a new batch invalidation
API call to get rid of them as quickly as possible after group sorting is
complete.
Signed-off-by: Mike Rylander <mrylander@gmail.com> Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Change references of nonexistant scope variable args.date
to args.due_date, enabling edit due date to correctly
submit.
Signed-off-by: Kyle Huckins <khuckins@catalystdevworks.com>
Changes to be committed:
modified: Open-ILS/web/js/ui/default/staff/circ/patron/items_out.js
Remington Steed [Thu, 5 Jan 2017 15:03:48 +0000 (10:03 -0500)]
Docs: Add "export non-imported records"
This commit briefly describes the queue actions, summary and filter
sections of the Inspect Queue page in Vandelay, as well as explaining
the new "Export Non-Imported Records" action. This commit includes
updated screenshots.
Galen Charlton [Wed, 21 Dec 2016 21:32:26 +0000 (16:32 -0500)]
LP#1651808: avoid a class of intermittent search failures
This patch fixes a bug where catalog searches can sometimes fail
with a PostgreSQL error that looks like this:
ERROR: type of parameter 56 (double precision) does not match that when preparing the plan (numeric)
CONTEXT: PL/pgSQL function search.query_parser_fts(integer,integer,text,integer[],integer[],integer,integer,integer,boolean,boolean,boolean,integer) line 319 at assignment
In particular, it ensures that the relevance values are coerced
to the Pg NUMERIC data type regardless of how the core query is
constructed; otherwise, it can sometimes end up as a double
precision value. Because of how Pg backends cache query plans,
that change of type can result in the error above.
To test
-------
[1] (Optional) Configure the max_children values for open-ils.storage
to permit only one drone, which in turn forces all catalog
search requests to go through a single Pg backend.
[2] Set the default_preferred_language_weight opensrf.xml setting
to 0.
[3] Perform a catalog search that has just a filter, e.g.,
item_lang(eng).
[4] Perform a catalog search that includes search term, e.g.,
cats
[5] The second search should fail.
[6] Apply the patch and try steps 3 and 4 again; this time, both
searches should work.
Signed-off-by: Galen Charlton <gmc@esilibrary.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Conflicts:
Open-ILS/src/perlmods/lib/OpenILS/Application/Storage/Driver/Pg/QueryParser.pm
Dan Pearl [Thu, 2 Jun 2016 19:17:44 +0000 (15:17 -0400)]
LP#1586509 Bug fix to LP#1352542 caused extraneous blank line to appear in
spine label. This affected LC call numbers that had only one cutter number
plus additional text following.
Signed-off-by: Dan Pearl <dpearl@cwmars.org> Signed-off-by: Kathy Lussier <klussier@masslnc.org>
The switch to toISOString() to format dates introduced an off-by-one error in
the closed dates display, showing one extra day of closure due to the timezone
being ignored in toISOString().
toLocaleDateString() is the future of locale-sensitive date formats. In XUL,
because it is an old version of Firefox, it lacks locale sensitivity, but for
the purposes of the web staff client it's a good base to build on as even
Internet Explorer supports the locale and options arguments as of IE 11.
And for the immediate purposes of showing the right dates in the closed dates
editor, it works.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Dan Scott [Mon, 12 Dec 2016 20:39:08 +0000 (15:39 -0500)]
LP#1432753 Restore "All day" verbiage to Closed Dates editor
Commit ede7e78925 replaced the JSAN calls to util.date.formatted_date() with
inline date/time handling, in the process returning times with granularity to
the minute instead of to the second. This resulted in the test for "all day"
closings always failing.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Chris Sharp <csharp@georgialibraries.org>
Galen Charlton [Fri, 28 Oct 2016 15:42:52 +0000 (11:42 -0400)]
LP#1488655: fix MR remapping upon fingerprint change
This patch ensures that if the fingerprint of a bib changes, the
bib will be moved to a new metarecord as opposed to ending up
as a member of more than one metarecord.
To test
-------
[1] Note the metarecord that a bib belongs to.
[2] Change the bib so that its fingerprint changes -- with stock
cbf settings, editing the 245$a should suffice.
[3] Note that it is now a component of two metarecords.
[4] Apply the patch.
[5] Repeat step 2 or force a reingest. The bib should now be part
of exactly one metarecord.
Galen Charlton [Fri, 28 Oct 2016 15:40:52 +0000 (11:40 -0400)]
LP#1488655: regression test for metarecord remapping
This patch contains pgTAP tests for verifying that when
the fingerprint of a bib is changed, it remains part of
exactly one metarecord (as opposed to being part of both
its old and new MRs).
Kathy Lussier [Tue, 24 May 2016 00:09:34 +0000 (20:09 -0400)]
LP#1584807: Clicking column header should not unsort list
Clicking column headers in My Account cycled through ascending order,
descending order, and then unsorted. But unsorting a list after clicking a
header is unintutive to the user. Instead, it should toggle between ascending /
descending order.
Test plan
* Using the concerto dataset, log in as user 99999395984 / maes1234
* Go to the Items Out area of my account and click the title column header to
sort the list.
* The list will first sort alphabetically in ascending order, on a second click
will sort alphabetically in descending order, and, on a third click, will
return to the default sort order.
* After loading the patch, clicking the column header should only result in
sorting in ascending and descending order.
Dan Scott [Tue, 6 Sep 2016 17:53:02 +0000 (13:53 -0400)]
LP#1620750 Prevent log warning for uninit var in checkin_retarget()
If the retarget_mode variable is not initialized, then a warning is generated
in the logs every time an item is checked in. Avoid the warning by
short-circuiting before testing the value in the regex.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Furthermore, use the relatively new fpsum() utility function for summing
floating point numbers so we can avoid having multiple versions of the
summing logic floating (*cough*) around (*cough cough*).
Signed-off-by: Bill Erickson <berickxx@gmail.com> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Dan Scott [Fri, 16 Sep 2016 17:49:01 +0000 (13:49 -0400)]
LP#1624491 Avoid uninit var prox_cache during holds processing
open-ils.circ was logging a prox_cache hash value before it is
guaranteed to have been initialized. Instead, log messages _after_ they
have been initialized.
Signed-off-by: Dan Scott <dscott@laurentian.ca> Signed-off-by: Mike Rylander <mrylander@gmail.com>
Dan Scott [Sun, 2 Oct 2016 21:28:05 +0000 (17:28 -0400)]
Docs: add mpm_prefork config for Apache 2.4 systems
We had only documented the Apache 2.2 stanzas for mpm_prefork, so include a
section for 2.4 that uses MaxRequestWorkers and MaxConnectionsPerChild. Given
the memory leaks that we have seen, suggest lower settings for these two values
(assuming that most sites will be serving a public catalogue instead of using a
separate discovery layer).
Also fix the weird formatting where Debian instructions were indented under a
Fedora section.
Also use dots for ordered bullets instead of renumbering all of the bullets
again.
Dan Scott [Sun, 2 Oct 2016 14:04:04 +0000 (10:04 -0400)]
Docs: set up default action_trigger_filters.json file
Given that action_trigger_runner.pl looks by default for a file called
action_trigger_filters.json, instruct people to create that file when they are
first setting up their system.
The subject links in the record summary were stripping periods, changing
headings that contained N.Y., for example, to NY in the subsequent search
string. Since normalization at index time replaces the period with a space,
clicking the subject links did not successfully retrieve all relevant
results.
Test plan:
Click the Subject link for a record that has New York (N.Y.) in its heading and
has no other instances of ny in the keyword index. This record will not be
retrieved when you click the link. After loading the patch, the record will be
successfully retrieved, along with other records that contain New York (N.Y.) in
their subject headings.
Signed-off-by: Kathy Lussier <klussier@masslnc.org> Signed-off-by: Dan Wells <dbw2@calvin.edu>
Josh Stompro [Fri, 19 Aug 2016 20:31:11 +0000 (15:31 -0500)]
LP#1494750 - Extra closing curly bracket in style.css disables following css
Which is the .sort_deemphasize class, so the modification of the non-filing
characters never happens in the sort results.
Test Plan:
Needed: Patron account with checkout history that contains titles with
non filing characters.
Before change, view the checkout history and sort by title. Note that the
leading non filing characters look the same as the rest of the title.
After change, view the checkout history and sort by title. Note that the
leading non filing characters now have a different style than the rest
of the title.
Bill Erickson [Fri, 23 Sep 2016 17:56:42 +0000 (13:56 -0400)]
LP#1526159 Webstaff Items Out includes overdue, etc.
Items Out tally in patron summary (side-bar) is now consistent with the
Items Out value displayed along the top of the patron UI. It now includes
overdues and optionally lost/claims-returned total.
Displays a progress bar while waiting for results from a patron search
in the browser client. Bar only displays when a server-side search is
required. (It's not displayed for cached searches, etc.). Results grid
is hidden while the progress bar is visible and vice versa.
This commit applies Bill Erickson's change from bug #1227344 to the fund
selector that appears on the Selection List (picklist) screen when you click
"Copies" to reveal the line items table. (Bill also mentioned this in
bug #1266471.)
Signed-off-by: Remington Steed <rjs7@calvin.edu> Signed-off-by: Chris Sharp <csharp@georgialibraries.org> Signed-off-by: Dan Wells <dbw2@calvin.edu>