Software. The vulnerability was detected by Yuri Goltsev, Positive Technologies Research Lab
The GetPendingReserveOnItem function created for #8315135 was being too inclusive in its query, triggering the appearance of item-level holds in the detail view even when there were none. This patch changes it so it only returns a defined value if there is an item-level hold or the item has an associated reserve that is Waiting or in Transit.
If the item associated with a course reserve is deleted, the course reserve itself will not show and cannot be deleted. This makes it impossible to delete the course. This patch detects the presence of this unresolved state and resolves it by deleting the unrecoverable, stuck reserve.
This patch changes the barcode entry from a text to textarea, processing multiple line-separated barcodes to be added to a course simultaneously.
Use of "itemtype" instead of "itype" caused the value to be clobbered.
CheckReserves() was being called for each item in the title, and that function in turn iterates over every reserve on the title. This is a lot of iterating when there are titles with lots of reserves that also have lots of items, which is typically the case. Calls within this tend to be very expensive, particularly GetMember. This patch creates a new function, C4::Reserves::GetPendingReserveOnItem, that is a streamlined way of getting the information required for catalogue/detail.pl, which greatly improves performance of that script.
The problem was related to the data being submitted in MARC blob format. It should be in XML format.
UI ambiguity was contributing to a situation where it was easy for a patron to think they were renewing an item when in fact they were choosing to indicate they had returned it. A working button in a table column labeled "Renew" should only be able to renew items, rather than quietly presenting the very similar option to "Return Item". This patch disables one-click returns and makes the item's unavailability more visually apparent.
for grabbing itemnumbers from search to add to label batch
Patch fixes template hijinks with <TMPL_IF>s, <div>s, and granular permissions
The --subject switch was not configured to work correctly.
…erguson This patch fixes a bug in the expired holds report. It appears that the the cancellation report was OK. It also changes the sorting to sort by expirationdate/cancellationdate respectively. This patch is designed for PTFS 1.2.
at check-in - URGENT The necessary code to handle a "From home library" hold policy was mysteriously removed. This patch brings this logic back.
…h space. Allows 035 dup matching on import staging.