Poor input cleansing can allow a well-constructed cookie to return the contents of arbitrary file system objects.
15 05 pt18095857 1 02
Summary info 01 02
Patron summary info was still sending back HASH values rather than item barcodes. The renew all response was also adjusted to indicate correctly whether a specific item was renewed or not.
Mtpl sip 01 02
While SIP2 specifies that variable fields can appear in any order. A broken client requires that institution ID is first in the Patron Info Response. Patch modified and ported from Colin Campbell <email@example.com>
A new <options> tag has been accounted for in SIPconfig.xml. Specifically the field ok_patron_pin has been coded for which, when set to 1, will result in the patron PIN validation response to always be set to yes (i.e. |CQY|).
…table Also delete vestigial 'lowestPriority' column.
Parentheses were missing from around branches list.
07 02 pt11414367 1 02
The GetPendingReserveOnItem function created for #8315135 was being too inclusive in its query, triggering the appearance of item-level holds in the detail view even when there were none. This patch changes it so it only returns a defined value if there is an item-level hold or the item has an associated reserve that is Waiting or in Transit.
If the item associated with a course reserve is deleted, the course reserve itself will not show and cannot be deleted. This makes it impossible to delete the course. This patch detects the presence of this unresolved state and resolves it by deleting the unrecoverable, stuck reserve.
This patch changes the barcode entry from a text to textarea, processing multiple line-separated barcodes to be added to a course simultaneously.
Use of "itemtype" instead of "itype" caused the value to be clobbered.
CheckReserves() was being called for each item in the title, and that function in turn iterates over every reserve on the title. This is a lot of iterating when there are titles with lots of reserves that also have lots of items, which is typically the case. Calls within this tend to be very expensive, particularly GetMember. This patch creates a new function, C4::Reserves::GetPendingReserveOnItem, that is a streamlined way of getting the information required for catalogue/detail.pl, which greatly improves performance of that script.
The problem was related to the data being submitted in MARC blob format. It should be in XML format.
UI ambiguity was contributing to a situation where it was easy for a patron to think they were renewing an item when in fact they were choosing to indicate they had returned it. A working button in a table column labeled "Renew" should only be able to renew items, rather than quietly presenting the very similar option to "Return Item". This patch disables one-click returns and makes the item's unavailability more visually apparent.