https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=35072

            Bug ID: 35072
           Summary: Invalid usage of "&" in JavaScript intranet-tmpl
                    script redirects
 Change sponsored?: ---
           Product: Koha
           Version: 23.05
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: Templates
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]

There are several files under `koha-tmpl/intranet-tmpl/prog/js/**.js`, where
the `&` character in the URLs is incorrectly replaced with `&amp;`.

In practice, `&amp;` should only ever be used as part of HTML elements, for
example inside of an <a href=""> link. Using it in JS redirects such as
`window.location="addbiblio.pl?op=delete&amp;biblionumber=` is incorrect!

The `&amp;` part is preserved like this by both the web browser and the web
server.

This creates several bugs, such as the one I've encountered and managed to
trace back to this very issue. For example this makes you unable to delete a
biblio record in admin interface AT ALL. To reproduce just install a fresh Koha
installation, import a record and try to delete it. It would redirect you to
the search.pl page, but nothing would happen.

I traced the above to this:
https://github.com/Koha-Community/Koha/blob/f27ed123be8ac1f0ecd76cd54ed9c2a8e591aefe/koha-tmpl/intranet-tmpl/prog/js/catalog.js#L55

Which causes the variable `$biblionumber` to be null here:
https://github.com/Koha-Community/Koha/blob/f27ed123be8ac1f0ecd76cd54ed9c2a8e591aefe/cataloguing/addbiblio.pl#L488

Which causes the `$frameworkcode` variable to be unpopulated here:
https://github.com/Koha-Community/Koha/blob/f27ed123be8ac1f0ecd76cd54ed9c2a8e591aefe/cataloguing/addbiblio.pl#L510-L511

Which causes the following warnings:
```
[2023/10/17 09:04:43] [WARN] Use of uninitialized value $frameworkcode in
string eq at /usr/share/koha/intranet/cgi-bin/cataloguing/addbiblio.pl line
513.
[2023/10/17 09:04:43] [WARN] Use of uninitialized value $frameworkcode in
string eq at /usr/share/koha/intranet/cgi-bin/cataloguing/addbiblio.pl line
517.
[2023/10/17 09:04:43] [WARN] Use of uninitialized value $frameworkcode in
string eq at /usr/share/koha/intranet/cgi-bin/cataloguing/addbiblio.pl line
536.
```

I did a quick search, and found out that these files need to be corrected:
* koha-tmpl/intranet-tmpl/prog/js/catalog.js
* koha-tmpl/intranet-tmpl/prog/js/members-menu.js
* koha-tmpl/intranet-tmpl/prog/js/holds.js
* koha-tmpl/intranet-tmpl/prog/js/cart.js
* koha-tmpl/intranet-tmpl/prog/js/ill-list-table.js
* koha-tmpl/intranet-tmpl/prog/js/pages/results.js

I ended up submitting it as a bug, as it will probably be much faster to get
submitted and approved by someone who already has a dev workflow set up to
contribute the patch...

Not sure if the severity I used is okay, but this prevents many features in the
UI from working properly at all, so I think it is pretty important to fix this
quickly. The random bugs/partial breakage this can cause can make
hard-to-notice and hard-to-trace problems appear...

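An added example, not part of the bug report or of Koha's code: it contrasts the parameter names produced by the same URL text when it passes through HTML attribute decoding and when it is used directly as a JavaScript string, then scans source lines for string literals that still carry `&amp;`. It uses Node's WHATWG URL parser, which splits the query on `&` only, as a stand-in for the server side; the helper names, the `koha.example` host and the sample source lines (built around the redirect quoted above) are assumptions.

```javascript
// Added example. Helper names and sample data are hypothetical/constructed.

// What an HTML attribute parser does to the one entity relevant here.
function decodeHtmlAttribute(value) {
  return value.replace(/&amp;/g, "&");
}

// Query parameter names as seen by a parser that splits on "&" only.
function paramNames(relativeUrl) {
  // Base URL is a placeholder so the relative redirect target can be parsed.
  const url = new URL(relativeUrl, "http://koha.example/cataloguing/");
  return [...url.searchParams.keys()];
}

// Line-based heuristic: report JS string literals that contain "&amp;".
function findEntityInStrings(source) {
  const literal = /(["'`])((?:\\.|(?!\1)[^\\])*)\1/g;
  const hits = [];
  source.split("\n").forEach((line, i) => {
    for (const m of line.matchAll(literal)) {
      if (m[2].includes("&amp;")) hits.push({ line: i + 1, text: m[0] });
    }
  });
  return hits;
}

// Constructed sample: line 2 mirrors the redirect quoted in the report,
// line 4 is a correctly written URL for comparison.
const SAMPLE_JS = [
  "function confirm_deletion() {",
  '  window.location = "addbiblio.pl?op=delete&amp;biblionumber=" + biblionumber;',
  "}",
  'var ok = "detail.pl?biblionumber=" + biblionumber + "&found1=1";',
].join("\n");

const raw = "addbiblio.pl?op=delete&amp;biblionumber=42";
// Used directly from JavaScript: no entity decoding ever happens.
console.log(paramNames(raw));
// Same text inside an HTML href: the browser decodes it before navigating.
console.log(paramNames(decodeHtmlAttribute(raw)));
// Source lines that need the entity replaced with a plain "&".
console.log(findEntityInStrings(SAMPLE_JS));
```
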