[Bug 21293] New: Display of housebound delivery information broken by Bug 13618

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] New: Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

            Bug ID: 21293
           Summary: Display of housebound delivery information broken by
                    Bug 13618
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: ASSIGNED
          Severity: enhancement
          Priority: P5 - low
         Component: Circulation
          Assignee: [hidden email]
          Reporter: [hidden email]
        QA Contact: [hidden email]
                CC: [hidden email],
                    [hidden email],
                    [hidden email],
                    [hidden email]
        Depends on: 13618

A stray " | html " filter in the housebound template means that none of the
housebound delivery details are showing up.


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=13618
[Bug 13618] Prevent XSS in the Staff Client and the OPAC
--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

Owen Leonard <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |Needs Signoff
   Patch complexity|---                         |Trivial patch

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

--- Comment #1 from Owen Leonard <[hidden email]> ---
Created attachment 78314
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=78314&action=edit
Bug 21293: Display of housebound delivery information broken by Bug 13618

This patch corrects the patron housebound details template. A stray
"html" filter broke display of delivery information.

To test, apply the patch and enable the HouseboundModule system
preference.

 - Open a patron record and select the "Housebound" tab in the left-hand
   navigation menu.
 - Click "Add a new deliver" and save some delivery details.
 - Upon saving you should be directed back to the housebound details
   page. All the details of the delivery you saved should appear
   correctly.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|enhancement                 |major

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Needs Signoff               |Signed Off

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

Jonathan Druart <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #78314|0                           |1
        is obsolete|                            |

--- Comment #2 from Jonathan Druart <[hidden email]> ---
Created attachment 78341
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=78341&action=edit
Bug 21293: Display of housebound delivery information broken by Bug 13618

This patch corrects the patron housebound details template. A stray
"html" filter broke display of delivery information.

To test, apply the patch and enable the HouseboundModule system
preference.

 - Open a patron record and select the "Housebound" tab in the left-hand
   navigation menu.
 - Click "Add a new deliver" and save some delivery details.
 - Upon saving you should be directed back to the housebound details
   page. All the details of the delivery you saved should appear
   correctly.

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

--- Comment #3 from Jonathan Druart <[hidden email]> ---
Created attachment 78342
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=78342&action=edit
Bug 21293: Remove another misplaced html filter on housebound.tt

Signed-off-by: Jonathan Druart <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Signed Off                  |BLOCKED
                 CC|                            |[hidden email]

--- Comment #4 from Marcel de Rooy <[hidden email]> ---
QA: Looking here

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         QA Contact|[hidden email]-communit |[hidden email]
                   |y.org                       |

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #78341|0                           |1
        is obsolete|                            |

--- Comment #5 from Marcel de Rooy <[hidden email]> ---
Created attachment 78640
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=78640&action=edit
Bug 21293: Display of housebound delivery information broken by Bug 13618

This patch corrects the patron housebound details template. A stray
"html" filter broke display of delivery information.

To test, apply the patch and enable the HouseboundModule system
preference.

 - Open a patron record and select the "Housebound" tab in the left-hand
   navigation menu.
 - Click "Add a new deliver" and save some delivery details.
 - Upon saving you should be directed back to the housebound details
   page. All the details of the delivery you saved should appear
   correctly.

Signed-off-by: Jonathan Druart <[hidden email]>

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #78342|0                           |1
        is obsolete|                            |

--- Comment #6 from Marcel de Rooy <[hidden email]> ---
Created attachment 78641
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=78641&action=edit
Bug 21293: Remove another misplaced html filter on housebound.tt

Signed-off-by: Jonathan Druart <[hidden email]>

Signed-off-by: Marcel de Rooy <[hidden email]>

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

Marcel de Rooy <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|BLOCKED                     |Passed QA

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

--- Comment #7 from Marcel de Rooy <[hidden email]> ---
Some testing told me:

A construction with an assignment and a filter may be dangerous.
Like this one:
[% test = housebound_profile.housebound_visits | html  %]
housebound_profile is an object; visits is the returned arrayref.
Somehow, the html filter in TT makes that template var test becomes the string
ARRAY(..) instead of an array.

In the second patch we remove the filter from
[% hpd = housebound_profile.day | html %]
This is less problematic, since day is a string already.

Lesson:
All occurrences of [% var = something | html %] are error prone. If something
is not a string, but an object, array, hash etc., we are in trouble.
This probably needs more attention since we are passing objects to templates in
more scripts.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

--- Comment #8 from Jonathan Druart <[hidden email]> ---
(In reply to Marcel de Rooy from comment #7)
> Lesson:
> All occurrences of [% var = something | html %] are error prone. If
> something is not a string, but an object, array, hash etc., we are in
> trouble.
> This probably needs more attention since we are passing objects to templates
> in more scripts.

Yes, that's a problem the script did not spot/handle. I searched for other
occurrences but did not find any.

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
Reply | Threaded
Open this post in threaded view
|

[Bug 21293] Display of housebound delivery information broken by Bug 13618

bugzilla-daemon
In reply to this post by bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21293

Nick Clemens <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[hidden email]
             Status|Passed QA                   |Pushed to Master

--- Comment #9 from Nick Clemens <[hidden email]> ---
Awesome work all!

Pushed to master for 18.11

--
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/