commit c3169205eced4a862be39120ea7db82b116e1435 Author: David Cook Date: Mon Jan 19 23:29:01 2026 +0000 Bug 41662: Prevent CSRF on opac-patron-consent.pl This change prevents CSRF on opac-patron-consent.pl by adding checking of the "op". Test plan: 0. Apply the patch and koha-plack --restart kohadev 1. Set system preference PrivacyPolicyConsent to "permissive" 2. Log into the OPAC and go to this path: /cgi-bin/koha/opac-patron-consent.pl?check_GDPR_PROCESSING=1 3. Note that it doesn't change the consent 4. Go to this path: /cgi-bin/koha/opac-patron-consent.pl?check_GDPR_PROCESSING=0 5. Note that it doesn't change the consent 6. Click the "Yes" radio button and click "Save" 7. Note it changes the consent to Yes 8. Click the "No" radio button and click "Save" 9. Note it changes the consent to No Signed-off-by: Marcel de Rooy Signed-off-by: Lucas Gass commit c1d863902a47b4f3091a2050a4eab977968bcaf2 Author: Lisette Scheer Date: Fri Jan 16 15:59:32 2026 +0000 Bug 41593: (QA follow-up) Move cypress test This patch moves the cypress test into the Acqusitions folder to help keep t/cypress/integration organized as we add more tests. Signed-off-by: Lucas Gass commit 1e5d8703daf85c21ac127a43a301f5330501ae19 Author: Jonathan Druart Date: Mon Jan 12 11:43:22 2026 +0100 Bug 41593: Add a Cypress test Signed-off-by: Jonathan Druart Signed-off-by: Lisette Scheer Signed-off-by: Lucas Gass commit 690bd0568ffc4ee879b3be80c916d3475cfe5578 Author: David Cook Date: Sun Jan 11 23:38:38 2026 +0000 Bug 41593: Validate displayby parameter in suggestion.pl This change validates the displayby parameter in suggestion.pl in order to prevent SQL injection. Test plan: 0. Do not apply the patch 1. Log into the staff interface 2. Visit the path /cgi-bin/koha/suggestion/suggestion.pl? op=else&displayby=status+AND+EXTRACTVALUE(1,CONCAT(0x7e,@@version)) 3. Notice a 500 error is generated 4. In the error logs, the MySQL version number will appear 5. Apply the patch 6. koha-plack --restart kohadev 7. Visit the path /cgi-bin/koha/suggestion/suggestion.pl? op=else&displayby=status+AND+EXTRACTVALUE(1,CONCAT(0x7e,@@version)) 8. Notice that no error is generated 9. Try each of the "Organize by" options on the left nav bar 10. Note that none of them generate an error and that the option is retained after clicking "Go" Signed-off-by: Jonathan Druart Signed-off-by: Lisette Scheer Signed-off-by: Lucas Gass commit 64796fde356678cd36e084624c40098e4319fc4e Author: Owen Leonard Date: Fri Jan 9 09:29:24 2026 -0500 Bug 41586: Fix spacing problem in display of patron names This patch updates patron-title.inc which generates the output of patron names throughout Koha. Some whitespace is added to the display of borrowers.othernames and spaces removed from the maybe_span WRAPPER. To test, apply the patch and create or edit a patron in the staff client. - Add a value to all the name fields: Surname, first name, preferred name, middle name, and other name. - Save the patron and check the display of their name on the patron detail page. The name in the page heading and sidebar should have correct spacing. - Place a hold for that patron to be picked up at the logged-in library. - Go to Circulation -> Holds to pull and confirm that the patron name is displayed correctly (this tests the display when the format is lastname, firstname). - Edit the same patron and change its category to an organizational one (Inter-Library Loan, Library, or School in the sample data). - View the same pages listed above and confirm that the name displays correctly. Sponsored-by: Athens County Public Libraries Signed-off-by: Manvi Signed-off-by: Laura_Escamilla Signed-off-by: Lucas Gass commit 91a78d1aeca15f0d6ff74980934a0dfc17089cbf Author: Nick Clemens Date: Fri Jan 23 19:55:11 2026 +0000 Bug 41700: Unit test Signed-off-by: Nick Clemens Signed-off-by: Tomás Cohen Arazi Signed-off-by: Lucas Gass commit 1c600598081dc79d00826fd1373b535ebc339a0d Author: Nick Clemens Date: Fri Jan 23 19:46:43 2026 +0000 Bug 41700: Update note_date to datetime This patch updates the swaager definition to have the correct format To test: 1 - Enable issue notes: AllowCheckoutNotes preference 2 - Issue an item to a patron 3 - Sign in to opac as that patron, add a note 4 - Have staff client open and a second tab try: http://localhost:8081/api/v1/checkouts/ 5 - Error "message":"Does not match date format.","path":"\/body\/0\/note_date" 6 - Apply patch, yarn build, restart all 7 - Refresh the page 8 - Success! Signed-off-by: Nick Clemens Signed-off-by: Tomás Cohen Arazi Signed-off-by: Lucas Gass commit b034685fe8b8858a850629d331648cfc6dd460d7 Author: Nick Clemens Date: Wed Nov 26 16:23:58 2025 +0000 Bug 41315: Don't change which branch is used for getting the transports See bug 41316 - the script uses the triggers of the issuing branch when sending by patron library - we shouldn't change this here, but on the next bug Signed-off-by: Ben Daeuber Signed-off-by: Marcel de Rooy Signed-off-by: Lucas Gass commit 37eda84469781381d2cd27072e04e80ae54cc01c Author: Nick Clemens Date: Wed Nov 26 16:20:39 2025 +0000 Bug 41315: (follow-up) Rename statements for clarity Signed-off-by: Ben Daeuber Signed-off-by: Marcel de Rooy Signed-off-by: Lucas Gass commit ce848197e5df8f7b7cbde818edb78cf25028ce7a Author: Nick Clemens Date: Wed Nov 26 16:06:26 2025 +0000 Bug 41315: Remove unecessary conditional We are in a loop here: foreach my $branchcode (@branches) { branchcode must be defined or something has gone seriously wrong with PERL Signed-off-by: Ben Daeuber Signed-off-by: Marcel de Rooy Signed-off-by: Lucas Gass commit 914c8be2c0dc5204a01f32efb2d7efdec14e9071 Author: Nick Clemens Date: Wed Nov 26 15:38:15 2025 +0000 Bug 41315: Change only notice branchcode when OverDueNoticeFrom is set to patron-homelibrary This patch adds a new variable $notice_branchcode and uses this when getting the patron's homelibrary to ensure we don't change the branch we are using. To test: 1 - At branch A - checkout three items, 1 day overdue to 3 patrons of the same category from different branches (not A) 2 - Set the system preference OverdueNoticeFrom to 'patron home library' 3 - Browse to More->Tools->Overdue notice/status triggers 4 - Set overdue triggers for default library and the category used above to: Delay: 1 Letter: Overdue notice (ODUE) 5 - From the command line run the overdue notices: perl misc/cronjobs/overdue_notices.pl --triggered --library CPL --test --nomail -v -v 6 - Note that we begin pass 1 with CPL and then use a different branch for passes 2 and 3 7 - Apply patch 8 - Repeat 9 - Confirm branch is consistent 10 - Run without branch param: perl misc/cronjobs/overdue_notices.pl --triggered --library CPL --test --nomail -v -v 11 - Confirm branches are consistent Signed-off-by: Ben Daeuber Signed-off-by: Marcel de Rooy Signed-off-by: Lucas Gass commit 1e4b9e33c790b2b0bb13468f9b8338c704c8f537 Author: Paul Derscheid Date: Wed Jan 21 12:01:53 2026 +0100 Bug 39916: (QA follow-up) Fix typo in test comment Signed-off-by: Paul Derscheid Signed-off-by: Lucas Gass commit 6c63cb90fa60fe0d2b7d89ac6fda774081f119f0 Author: Martin Renvoize Date: Wed Dec 31 12:17:42 2025 +0000 Bug 39916: Fix booking modal race conditions and redraw issues This patch addresses two critical issues in the booking modal: 1. Race condition in edit mode: When editing a booking, the item selection would sometimes fail to properly initialize because the item options weren't fully loaded with their data attributes. This caused the itemtype field to not auto-populate correctly. Fixed by moving the item pre-selection to occur after a brief delay and ensuring the select2:select event is triggered with proper data parameters including the element reference. 2. Flatpickr redraw issue: The datepicker would lose its disabled dates after certain operations because the disable configuration wasn't being reapplied during redraws. Fixed by explicitly setting the disable configuration before calling redraw() to ensure disabled dates are properly maintained. Additionally fixes a scope issue with the booking loop variable. Test plan: 1. Create a booking with specific dates 2. Edit the booking - verify the item and itemtype are correctly selected 3. Change selections in the modal - verify disabled dates remain correct 4. Create new bookings - verify date restrictions work properly Signed-off-by: Kristi Krueger Signed-off-by: Andrew Fuerste Henry Signed-off-by: Paul Derscheid Signed-off-by: Lucas Gass commit acc2985e6aebedc99c22cf80db7c8ef3c44ee6c5 Author: Martin Renvoize Date: Tue Dec 23 17:08:21 2025 +0000 Bug 39916: Cypress tests for the bookings modal This patch adds comprehensive Cypress end-to-end tests for the booking modal, covering all critical functionality to prevent regressions. Test coverage includes: - Basic modal functionality (bookingsModalBasic_spec.ts): * Modal loading and initial state * Progressive field enabling based on user selections * Item type and item dependencies * Form validation * Booking submission (create and update) * Form interactions and field visibility * Edit mode functionality * Error handling - Date picker functionality (bookingsModalDatePicker_spec.ts): * Flatpickr initialization with future-date constraints * Date disabling for existing bookings * Date range validation * Circulation rules date calculations and visual feedback * Lead and trail period functionality * Event dots for dates with existing bookings These tests ensure the booking modal works correctly across all scenarios and helps maintain code quality during future development. Test plan: 1. Run the tests inside KTD container: docker exec --user kohadev-koha --workdir /kohadevbox/koha -i kohadev-koha-1 \ bash -c 'npx cypress run --spec "t/cypress/integration/Circulation/bookings*.ts"' 2. Verify all 15 tests pass (9 basic + 6 datepicker) 3. Confirm test coverage is comprehensive for the booking modal Signed-off-by: Kristi Krueger Signed-off-by: Andrew Fuerste Henry Signed-off-by: Paul Derscheid Signed-off-by: Lucas Gass commit 7c4f5eeb56602ef2b8cd014dd7b3eec39fbe7e98 Author: Martin Renvoize Date: Mon May 19 13:29:49 2025 +0100 Bug 39916: Add flatpickr helpers to cypress This adds helper methods for cypress to work with flatpickr date pickers: - openFlatpickr() - open the calendar - selectFlatpickrDate() - select a single date - selectFlatpickrDateRange() - select date range - clearFlatpickr() - clear the selected dates - getFlatpickrDate() - get specific date element - getFlapickrSelectedDates() - get flatpickr selected dates array - navigateToFlatpickrMonth() - navigate calendar These helpers simplify date picker testing when using flatpickr. Signed-off-by: Kristi Krueger Signed-off-by: Andrew Fuerste Henry Signed-off-by: Paul Derscheid Signed-off-by: Lucas Gass commit de4badb16624efe1b2e3fc4f5914dd4a8f7fc4ed Author: Martin Renvoize Date: Fri May 16 11:35:38 2025 +0100 Bug 39916: Add select2 helpers to cypress This adds helper methods for cypress to work with select2 dropdowns: - selectFromSelect2ByIndex() - select by option index - selectFromSelect2() - select by text value - clearSelect2() - clear selection These helpers handle the complexities of interacting with Select2 components which cannot be selected using standard Cypress commands. Signed-off-by: Kristi Krueger Signed-off-by: Andrew Fuerste Henry Signed-off-by: Paul Derscheid Signed-off-by: Lucas Gass commit 72b06d3576f08275f8cc4650e12ae6fff1138c5e Author: Jonathan Druart Date: Thu Jan 8 10:39:16 2026 +0100 Bug 41561: Remove 'tab' from admin/aqbudgetperiods commit 4b312b141ab2dddfac5da1034338a1634cb504e4 CommitDate: Wed Sep 19 16:17:16 2012 +0200 Bug 8117: Divide budget periods into two tabs It was used at the time +$url = "aqbudgetperiods.pl?tab=2"; But this has been removed by commit 870104ce117f8c4a303107fb24c8c3d2b7a886b0 Date: Mon Mar 21 09:32:39 2016 -0400 Bug 13464 - Standardize the pagination class Signed-off-by: Owen Leonard Signed-off-by: Marcel de Rooy Signed-off-by: Lucas Gass commit 8b532fc8f464382a379a75bfde8f5e66defa91f4 Author: Jonathan Druart Date: Thu Jan 8 11:42:53 2026 +0100 Bug 41560: Remove id="js" from script tags Both files koha-tmpl/intranet-tmpl/prog/en/modules/catalogue/issuehistory.tt koha-tmpl/intranet-tmpl/prog/en/modules/members/readingrec.tt have