← Previous day | Today | Next day → | Search | Index
All times shown according to UTC.
Time | Nick | Message |
---|---|---|
00:14 | jcamins | Joel was right. |
00:18 | maximep left #koha | |
00:25 | wizzyrea | http://www.clker.com/cliparts/[…]nna-hate18-hi.png |
00:28 | trea joined #koha | |
00:28 | trea | also, Snape kills Dumbledore. that is all. |
00:30 | trea left #koha | |
00:46 | dcook | lol |
00:46 | I just noticed trea left after that one | |
00:46 | * dcook | was not impressed with that spoiler when he originally heard it |
00:48 | NateC joined #koha | |
00:54 | trea joined #koha | |
00:55 | BobB joined #koha | |
00:57 | papa joined #koha | |
01:01 | wizzyrea | Use the force, Harry. -- Love, Gandalf. |
01:01 | trea | ^^ |
01:16 | trea joined #koha | |
01:20 | trea joined #koha | |
01:22 | mtompset joined #koha | |
01:23 | mtompset | Greetings, #koha. |
01:23 | Silly VM causing networking issues. | |
01:30 | eythian | @wunder nzwn |
01:30 | huginn | eythian: The current temperature in Wellington, New Zealand is 13.0°C (2:00 PM NZDT on November 26, 2013). Conditions: Light Rain Showers. Humidity: 94%. Dew Point: 12.0°C. Pressure: 29.74 in 1007 hPa (Steady). |
02:06 | wizzyrea | does anyone remember a bug about item level holds not appearing on the hold queue? |
02:07 | I can't find it, and I am *sure* it was a bug. | |
02:08 | rangi | hmm |
02:09 | @search item level holds | |
02:09 | huginn | rangi: (search <word>) -- Searches for <word> in the current configuration variables. |
02:09 | rangi | @query item level holds |
02:09 | huginn | rangi: 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=2894 major, P3, ---, paul.poulain, NEW , Routing list holds are broken |
02:09 | rangi: 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=3060 major, P5 - low, ---, gmcharlt, NEW , item number not on holds to pull report | |
02:09 | rangi: 04Bug http://bugs.koha-community.org[…]_bug.cgi?id=10162 normal, P5 - low, ---, gmcharlt, NEW , holds shouldn't be allowed on the title level of analytics | |
02:09 | rangi: 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=8723 critical, P5 - low, ---, koha-bugs, NEW , holds don't transfer when moving items | |
02:09 | rangi: 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=8859 normal, P5 - low, ---, koha-bugs, NEW , Item level holds not trapped if circ rules for item type are set to 'no holds allowed' | |
02:09 | eythian | bug 3060 looks possibly likely |
02:09 | huginn | 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=3060 major, P5 - low, ---, gmcharlt, NEW , item number not on holds to pull report |
02:09 | eythian | no wait |
02:09 | I misread it | |
02:10 | wizzyrea | mmmm |
02:12 | rambutan joined #koha | |
02:30 | wizzyrea | bug 10311 |
02:30 | huginn | 04Bug http://bugs.koha-community.org[…]_bug.cgi?id=10311 major, P5 - low, ---, kyle.m.hall, Pushed to Stable , Holds queue ignores item-level holds where only one items exists |
02:30 | rangi | ah ha |
03:10 | pianohacker joined #koha | |
03:29 | mtompset | Greetings, pianohacker rambutan rangi. |
03:30 | Greetings, eythian too. :) | |
03:30 | eythian | hi |
03:30 | wahanui | hola, eythian |
04:38 | * dcook | seems to remember hearing about someone seeking to rewrite the circ rules... |
04:38 | dcook | If they do a good job, I will buy them beer |
04:38 | "Also, these policies are based on the patron's home library, not the library where the hold is being placed.." | |
04:38 | Umm, what? | |
04:39 | pastebot | "dcook" at 127.0.0.1 pasted "holds? what?" (7 lines) at http://paste.koha-community.org/6 |
04:40 | dcook | Wait...maybe I do understand it.. |
04:44 | rangi | yep it means what it says, if they place a hold at branch x, but their home library is branch y .. the rules from branch y are used |
04:45 | dcook | What if the rule is that no items from branch x can be put on hold? |
04:47 | Or does that just mean in regards to the syspref doing the override? | |
04:47 | If that's the case, that makes sense | |
04:48 | It just seems like "these policies" might be referring to two different sets of policies | |
04:49 | Must run though | |
04:49 | Thanks for answering, rangi :)( | |
04:49 | :)* | |
05:23 | edveal joined #koha | |
05:24 | edveal | Darn I was hoping I would catch Larryb working late. |
05:26 | yhager joined #koha | |
05:55 | WaylonR joined #koha | |
05:55 | WaylonR | hi all |
06:14 | mtompset | Hello and goodbye. |
06:14 | Have a great day, #koha. | |
06:25 | dpk1 joined #koha | |
06:28 | busla joined #koha | |
06:32 | cait joined #koha | |
06:40 | dpk1 joined #koha | |
06:48 | alexia joined #koha | |
06:51 | alexia | hello, we are new to koha and we have a problem with authorities, they do not display even though i have run the indexer through the command misc/migration_tools/rebuild_zebra.pl -b -r -v. Is there any other indexer i need to run? Also , how do we create punctuation in cataloguing? |
06:51 | WaylonR | alexia, -a is authorities. |
06:51 | so, -b -a -r | |
06:52 | -v if you really want verbose | |
06:52 | alexia | ok ill try this now and let you know, thanx! |
07:03 | laurence joined #koha | |
07:13 | WaylonR | okay, using straight koha-master, can't login, keep getting 'session timed out' after logging in and clicking something. |
07:32 | is git.koha-community.org down? | |
07:32 | cait | seems a bit slow |
07:33 | WaylonR: try deleting your cache | |
07:33 | WaylonR | did that. |
07:33 | cait | maybe it's a bad session cookie |
07:33 | also, did you change your timeout setting? | |
07:33 | WaylonR | and git pull/fetch isn't working. |
07:33 | cait | yeah i can't access the page either |
07:33 | we might have to wait for US waking up to fix it | |
07:34 | WaylonR | welp... guess ill do koha another day. |
07:37 | reiveune joined #koha | |
07:38 | reiveune | hello |
07:38 | wahanui | bonjour, reiveune |
07:43 | paul_p joined #koha | |
07:46 | WaylonR | gits back |
07:50 | hmmmmm. | |
07:51 | i really have no idea why the system is kicking me out, cait.. i cleared cache. and timeout is set to 1800 | |
07:51 | cait | hm confusing |
07:51 | maybe check if there is something in the logs? | |
07:52 | WaylonR | and git is being abit slow yeds. |
07:52 | yes | |
07:53 | cait | ok, have to run |
07:53 | bbl | |
07:59 | alex_a joined #koha | |
07:59 | WaylonR | gitweb / git. is being really slow... |
08:01 | gaetan_B joined #koha | |
08:01 | gaetan_B | hello |
08:01 | wahanui | bidet, gaetan_B |
08:06 | sophie_m joined #koha | |
08:07 | Joubu | hi #koha |
08:34 | cait joined #koha | |
08:34 | cait | good morning #koha |
09:32 | ashimema++ | |
09:33 | gmcharlt: ping me when you have a few mins please? | |
09:59 | trea joined #koha | |
10:01 | trea joined #koha | |
10:03 | rangi | Joubu: why use a whitelist, not use reftype ? |
10:05 | Joubu | rangi: I don't understand what you want to do with reftype :) |
10:06 | rangi | right |
10:06 | so an object is just a blessed array | |
10:06 | sorry blessed hash | |
10:06 | ref cant understand that | |
10:06 | cait | maybe give an example? |
10:06 | rangi | reftype can |
10:06 | reftype($object) eq 'HASH' | |
10:07 | Joubu | yes, it is what I do. But in fact I have to encode only some object |
10:07 | Koha::Schema and DateTime is too big | |
10:07 | and it is useless to encode values | |
10:07 | There is no string we want to display | |
10:08 | Currently only C4::Category causes problems | |
10:09 | rangi | then i cant see how that is any better than just adding the html_entity filter |
10:09 | Joubu | rangi: if I "parse" all objects and all members of these objects, the load will increase significantly |
10:09 | * cait | wishes she would understand what you 2 are talking about - but i hope it can be solved |
10:11 | Joubu | I think it is better to fix the issue into a pm rather than in all tt files displaying a member of a C4::Category object |
10:11 | cait | i think there was also someone worried about html_entity having not all possible characters? |
10:11 | i only saw it on the bug | |
10:12 | rangi | they are both the wrong solution |
10:12 | Joubu | rangi: yes :) |
10:12 | rangi: what is the good one ? :) | |
10:13 | rangi | store and retrieve the item properly |
10:13 | we shouldnt be doing any encodes | |
10:13 | on display | |
10:16 | fredericd | cait: Is there a bug umbrella covering JavaScript translatable texts bad formating? => _(' rather than _(" |
10:17 | * rangi | goes to sleep |
10:17 | Joubu | rangi: That is a big development, isnt it? |
10:17 | rangi: good night | |
10:17 | wahanui | I watch you sleep. |
10:23 | cait | fredericd: there might, but i think easier to just open one that can then be lcosed |
10:24 | wahanui: you can think that, but not say it aloud - it's creepy ;) | |
10:24 | wahanui | cait: i'm not following you... |
10:29 | fredericd | cait: seen bug 8942 |
10:29 | wahanui | bug was last seen on #koha 2 years, 88 days, 7 hours, 28 minutes and 15 seconds ago, saying: seneca: rangi is a man :P [Wed Aug 31 03:01:06 2011] |
10:29 | huginn | 04Bug http://bugs.koha-community.org[…]w_bug.cgi?id=8942 normal, P5 - low, ---, frederic, RESOLVED FIXED, Translation process breaks javascript in calendar.inc |
10:30 | cait | fredericd: hm yes - not sure I understand what you want to do |
10:30 | fredericd: if there is a new occurence i woudl put it on a new bug I think - it's just easier to track. The omnibus bugs arre getting really huge fast | |
10:30 | fredericd: maybe could have linked bugs to an omnibus one, but I don't think we have one yet | |
10:31 | fredericd | cait: Ok. I will open a new bug. xt/single_quotes.t test has to be expanded to test Bootstrap theme also |
10:31 | cait | aaah ok |
10:31 | that makes sense | |
10:31 | fredericd | There is something wrong on Bootstrap opac-detail.tt which break display in French when single quote is used |
10:32 | cait | fredericd: that makes sense, expanding the test and fixing every problem pointed out would be good |
10:37 | sophie_m joined #koha | |
10:37 | WaylonR | okay, ive updated to current master.. and still its kicking me out of koha after logging in successfully, and doing something. |
10:37 | cait | WaylonR: and you cleared your cache and cookies? |
10:37 | maybe try a different browser too? | |
10:38 | WaylonR | different browser worked.. |
10:38 | it.. works in IE..... | |
10:38 | Dum dum dummmmmm | |
10:41 | ashimema joined #koha | |
10:42 | cait | eek :) |
10:42 | now i am really worried | |
10:42 | hi ashimema :) | |
10:42 | ashimema | good morning cait |
12:25 | jwagner joined #koha | |
12:53 | collum joined #koha | |
12:54 | mjoven joined #koha | |
12:55 | mjoven | Hi all, can I post here a question about OPAC interface ? |
12:55 | WaylonR | go ahed |
13:00 | meliss joined #koha | |
13:04 | mjoven | When I search a book in Adminitrator Page, in details I can see Location ; but when a user connect with OPAC and search for same book, he cannot see its location |
13:04 | I don't understand if I need to enable some permission | |
13:04 | paul_p joined #koha | |
13:04 | WaylonR | paul_p, <mjoven> When I search a book in Adminitrator Page, in details I can see Location ; but when a user connect with OPAC and search for same book, he cannot see its location |
13:05 | what can mjoven do? | |
13:05 | I think Marc structure .. visible needs toggling.. | |
13:05 | somewhere. | |
13:08 | mjoven | WaylonR I confirm that books were imported from another program and converted to MARC |
13:09 | WaylonR | not what i ment. |
13:09 | mjoven | MARC define detail about book or permissions too ? |
13:13 | WaylonR | gpto /cgi-bin/koha/admin/marc_subfields_structure.pl?op=add_form&tagfield=952&frameworkcode=#subbfield ... is koha link: items.holdingbranch? if so, check that Visibility: OPAC is turned on. |
13:13 | err.. | |
13:13 | first, goto that link, then click on b | |
13:13 | then the rest | |
13:13 | wahanui | hmmm... then the rest is easy peasy |
13:14 | WaylonR | ah |
13:14 | visibilty is under "Advanced constraints" | |
13:14 | cait | mjoven: does it show on the detail page? the location? I mean is the difference in results or in detail pages? |
13:14 | WaylonR | oooooo |
13:14 | good question | |
13:15 | cait | WaylonR: the marc frameworks will only limist it for the marc view - most people are not aware of that i think - the normal display is driven by xslt (if activated) or is hardcoded perl :) |
13:17 | mjoven: what do you mean by location? the library or a location (LOC)? 952 a/b or c? | |
13:18 | mjoven | @cait I'm refering to location (I think 952c), library is showed correctly |
13:18 | huginn | mjoven: I suck |
13:19 | NateC joined #koha | |
13:22 | WaylonR | .... huginn's a bot, ignore him |
13:22 | cait | mjoven: detail page or result list? |
13:23 | mjoven | detail page |
13:23 | wahanui | detail page is great |
13:23 | cait | mjoven: which version of Koha? and are you using the XSLT displays? |
13:23 | is your opac accessible? | |
13:23 | mjoven | @cait unfortunately is not accessible |
13:23 | huginn | mjoven: I've exhausted my database of quotes |
13:23 | cait | hm |
13:24 | you do't need the @ here, it will show up for me without :) | |
13:24 | mjoven | cait, sorry |
13:25 | cait | things to look out for |
13:26 | your location codes in the item (best visible maybe when you look at the marcxmk download) exactly match the code you have defined in authorized values > LOC | |
13:26 | NateC left #koha | |
13:26 | NateC joined #koha | |
13:26 | cait | lower/uppercase can matter |
13:26 | mjoven | let me know if I understand; information about MARC is saved in database (items table, I think); Koha select different field to show book details fpr administrator or user, correct ? |
13:28 | cait | not sure where to start here |
13:28 | :) | |
13:28 | mjoven | cait, yes, is same location; this information is saved in LOCATION field, ITEMS table |
13:28 | cait | items has the item information, some is linked to other tables, so for example your locations have a description and that is saved in another table |
13:28 | you only have the code for a location in items | |
13:28 | or you should have, but I don't know how you migrated | |
13:29 | location is not really a free text field | |
13:29 | it's a field for a code that is then looked up | |
13:30 | to be resolved into a description | |
13:30 | you can define those codes and descriptions under administration > authorised values > LOC | |
13:36 | edveal joined #koha | |
13:38 | mjoven | but in LOCATION field there is the exact information about the book |
13:38 | I'll try see in administration > authorised values > LOC | |
13:39 | edveal joined #koha | |
13:44 | mjoven | cait, thanks |
13:45 | ashimema joined #koha | |
13:48 | oleonard joined #koha | |
13:50 | oleonard | Hi #koha |
13:53 | cait | hi oleonard :) |
13:56 | khall joined #koha | |
13:57 | druthb | cait! oleonard! |
14:02 | sophie_m joined #koha | |
14:15 | nengard joined #koha | |
14:19 | cait | druthb! |
14:19 | druthb | :) |
14:21 | cait | @later tell gmcharlt - ping me when you have a few minutes? |
14:21 | huginn | cait: The operation succeeded. |
14:40 | cait | magnuse++ :) |
15:01 | maximep joined #koha | |
15:05 | cait | hm could someone give the restriction patches a test? |
15:05 | looking for a sign off :) | |
15:05 | bug 11282 | |
15:05 | huginn | 04Bug http://bugs.koha-community.org[…]_bug.cgi?id=11282 blocker, P5 - low, ---, koha-bugs, Needs Signoff , Not possible to create multiple restrictions from patron details/new restriction overwrites existing |
15:36 | mtompset joined #koha | |
15:36 | mtompset | Greetings, #koha. |
15:36 | How about that dd/mm/yyyy format loving to blow up things? :) | |
15:40 | rambutan | We should take strong countermeasures. |
15:40 | oleonard | ? |
15:41 | mtompset | oleonard: given a date in an unknown format (which you as a human being knows it will be dd/mm/yyyy) convert it to YYYY-MM-DD. |
15:41 | I can't find a perl library that does this right. | |
15:42 | oleonard | Koha must be doing it somewhere |
15:42 | mtompset | It fails. |
15:42 | oleonard | ...since it accepts dd/mm/yyyy as a date format preference |
15:42 | mtompset | Yes, and it blows up in the tools/inventory.pl |
15:43 | pastebot | "mtompset" at 127.0.0.1 pasted "The first line is me adding code." (6 lines) at http://paste.koha-community.org/7 |
15:44 | oleonard | Well let's be specific then. "It fails" is unnecessarily broad. Koha most certainly handles dd/mm/yyyy correctly in most places |
15:44 | mtompset | True ... it fails in tools/inventory.pl |
15:44 | There's the paste. | |
15:45 | But it isn't a Koha bug. It's a perl library bug. | |
15:45 | So, I've been trying to find something that does it right without knowing the format. | |
15:45 | Because only the human will know the system preference value | |
15:46 | oleonard | I know nothing about it, but I can't help but think looking at other Koha code that handles dates correctly would be enlightening |
15:46 | cait | mtompset: i am quite sure we do that in lots of places like oleonard said |
15:47 | mtompset | I'll see if we do, but my gut is that we merely display it, and not try to convert it to YMD or some other format. |
15:47 | cait | and koha does know the syspref value too - we show the hints and all that about how to enter a date |
15:48 | mtompset | when I say "doesn't know"... functionX(parameter) is unaware of what parameter is, but it is expecting a particular range, and DMY doesn't seem to be in it. |
15:49 | cait | oleonard: thx for testing 11282 |
15:49 | khall: 11282 needs you! :P | |
15:49 | oleonard | Sure. Hopefully only a simply follow-up is required |
15:50 | cait | oleonard: i really want to see that one fixed, it's a bit scary with the overwriting of data |
15:50 | khall | cait: I'm on it! |
15:50 | cait | khall++ :) |
15:57 | khall | owen: I can't reproduce your problem! |
16:01 | cait: oleonard: http://screencast.com/t/LjSyPIsw | |
16:04 | oleonard | Sorry khall, it really doesn't work for me |
16:05 | khall | are you testing on master? |
16:05 | have you tried it in a sandbox? | |
16:05 | oleonard | Testing on master, not in a sandbox |
16:05 | ashimema joined #koha | |
16:05 | khall | oleonard: anything show up in your error log? |
16:06 | does it save the restriction, just without the date? | |
16:07 | oleonard | The only error looks unrelated: Use of uninitialized value $_ in hash element at members/memberentry.pl line 825 |
16:07 | It saves the restriction without the date | |
16:10 | khall | oleonard: it seems to be working fine in a sandbox as well: http://pro.test6.biblibre.com/[…]borrowernumber=19 |
16:10 | user/pass: test/test | |
16:11 | oleonard: yes, that error is indeed unrelated. I'm not sure where to go from here. I can't reproduce your problem! | |
16:14 | Barrc joined #koha | |
16:15 | oleonard | Wait here's something else: Use of uninitialized value in concatenation (.) or string at /intranet-tmpl/prog/en/includes/borrower_debarments.inc line 46 |
16:29 | Shane-S joined #koha | |
16:31 | Shane-S | Hi all, weird issue, my server was down, and when I SSH'ed in, it was so slow it timed out my login, luckily its a VM, so I connected to the machine's terminal through VMWare, to be greeted with out of memory errors and printslip.pl in the () |
16:31 | any idea what could cause that? I just ran a sudo apt-get update / upgrade in the event of any patches fixing that | |
16:31 | I also upped the memory from 2Gb to 4Gb | |
16:32 | I had to hard-reboot, as the console wouldn't even give me a prompt to type at | |
16:33 | cait | oleonard: is it a new user? no previous restrictions? maybe there is some difference between the users you are both testing with? |
16:33 | dateformat syspref? | |
16:33 | oleonard | Tried multiple dateformat sysprefs |
16:33 | Did you test it successfully cait? | |
16:34 | cait | can't right now :( |
16:34 | only later, i was waiting for a sign off so i coudl do qa - but can only try to reproduce a little later | |
16:36 | rambutan left #koha | |
16:40 | rangi | right since someone 0dayed us on the main koha list |
16:40 | cait | 0dayed? |
16:40 | rangi | can someone please sign off bug 11307 |
16:40 | cait | oh right,... the security thing :( |
16:40 | huginn | 04Bug http://bugs.koha-community.org[…]_bug.cgi?id=11307 critical, P5 - low, ---, oleonard, Needs Signoff , Potential XSS attack vector in opac rss feed |
16:40 | cait | why are you awake? |
16:40 | rangi | its not as bad as it seems |
16:40 | security mails make my computer beep | |
16:41 | oleonard | A bug so nice they reported it twice |
16:41 | rangi | its only in the the rss |
16:41 | cait | your computer wakes you up for security issues? |
16:41 | rangi | and cant easily be exploited |
16:41 | but its simple to stop so i have | |
16:41 | it should take you about 2 mins to test :) | |
16:45 | cait: if i left it on, yep it does on certain mailing lists | |
16:46 | oleonard | I must leave, so maybe someone can submit a follow-up for the Bootstrap theme? |
16:46 | reiveune | bye |
16:46 | reiveune left #koha | |
16:51 | Shane-S | would adding "alt" text to the Koha link (where it says "Powered by Koha") like Koha v3.X.X work and be hard to do to check your version at a glance? |
16:51 | mtompset | is someone signing it off, or shall I? |
16:51 | cait | rangi: going to qa now |
16:51 | hope i can get search working on the dev env but it might work without | |
16:52 | rangi | mtompset: if you could that would be great |
16:53 | bootstrap patch attached too | |
16:54 | cait | ah , thought oleonard had signed off, waiting for you mtompset |
16:54 | fixing my search | |
16:54 | rangi | @later tell gmcharlt bug 11307 |
16:54 | huginn | rangi: The operation succeeded. |
16:55 | gmcharlt | rangi: noted |
16:56 | mtompset | Hmmm... |
16:56 | I was only expecting one attachment. | |
16:57 | * mtompset | laughs. |
16:58 | mtompset | Okay... patch works according to test plan. |
16:58 | Now to sign this sucker off. | |
16:59 | nengard left #koha | |
16:59 | mtompset | This is the part that is annoyingly complex. |
16:59 | rangi | im not sure that you can actually do xss with it |
16:59 | but displaying unescaped user input is never a good idea | |
17:00 | so fixing it cant hurt | |
17:00 | * mtompset | agrees. |
17:00 | mtompset | okay... so how do I attach the two patches and not just the one patch? |
17:00 | git so 2. done. git bz attach what? | |
17:01 | rangi | i attach a patch at a time |
17:01 | so HEAD^ | |
17:01 | and then HEAD | |
17:03 | ashimema | If I'd have spotted this a few minute earlier... was just testing that patch ;) All your though mtopmset as seems your slightly ahead of me |
17:04 | cait | ashimema: coudl you do qa? |
17:05 | i have really problems with apache and that installation i have here at work | |
17:05 | ashimema | sure |
17:05 | cait | i have to sort that out first or go home and test there |
17:05 | mtompset | Oops... need to test bootstrap. |
17:07 | gmcharlt | rangi: yeah, I don't think it's worth cutting a special security release |
17:07 | rangi | me either |
17:07 | however | |
17:07 | gmcharlt | also, you can do ranges with git bz |
17:07 | rangi | we should use this to write a responsible disclosure page |
17:07 | and send that | |
17:07 | gmcharlt | git bz attach -e 12345 HEAD^^^..HEAD |
17:07 | rangi | cos sending potential security issues to the main list = not the best |
17:08 | ashimema | so mtompset.. did you test bootstrap in the end or not? |
17:08 | mtompset | Just finished. |
17:09 | rangi | thanks mtompset |
17:09 | ashimema | brill.. I'll go ahead and qa it as requested |
17:09 | mtompset | YUCK! It's much more visible in the bootstrap. |
17:10 | Don't even need to look at page source. | |
17:14 | rangi | i think the whole rss is kinda busted in bootstrap |
17:14 | but thats a different problem | |
17:15 | mtompset | True. |
17:17 | rangi | fixed that too now :) |
17:20 | bug 11308 | |
17:20 | huginn | 04Bug http://bugs.koha-community.org[…]_bug.cgi?id=11308 normal, P5 - low, ---, oleonard, Needs Signoff , RSS feed is slightly broken in bootstrap theme |
17:24 | ashimema | I tihnk I can still see the security issue in the bootstrap patch rangi.. |
17:26 | rangi | i must admit i didnt test bootstrap side very thoroughly, its not escaping the html? |
17:26 | i see <opensearch:itemsPerPage>50"'<h1>test</h1></opensearch:itemsPerPage> | |
17:27 | ashimema | one sec.. just rechecking the patch actually applied |
17:28 | ooh.. It's chrome being overly clever.. | |
17:28 | rangi | make sure you check the source, cos without patch 11308 it does weird things anyway |
17:29 | rambutan joined #koha | |
17:29 | rangi | if you apply 11308 first, then it, it behaves more like prog theme :) |
17:29 | ashimema | I was viewing the source but via chrome's developer panel.. if you view source manually then it works out fine. |
17:30 | rangi | ah sweet |
17:30 | ashimema | I'm hapy now.. will throw the qa scripts at it just for good habbit.. but I'm doubting they'll throw any nasties. |
17:30 | rangi | thanks |
17:30 | and now its time for me to actually wake up | |
17:30 | bbiab | |
17:31 | rambutan | do libraries that use patron images generally require them of all card holders, adults only, youth only, or something else? |
17:32 | Shane-S | rambutan: cippa laws in the USA might restrict the youth photos |
17:34 | sorry CIPA: http://www.fcc.gov/guides/chil[…]et-protection-act (not sure if it applies at all, but can't hurt to check) | |
17:34 | rambutan | well, I wouldn't think cipa would apply to the data the library holds on the child, after all, we have name, address, DOB, etc. |
17:34 | CIPA addresses Internet access | |
17:36 | Shane-S | Yeah...we also have other laws to consider here, as a school. We can't hold any student demographics on an unsecured server that is connected to the internet |
17:36 | * cait | should be home already |
17:36 | cait | bye all |
17:36 | cait left #koha | |
17:38 | rambutan | Shane-S: what constitutes "unsecured"? Where are you located? |
17:40 | Anybody know offhand if SIP can pull patron images? (I would guess not). | |
17:41 | druthb | I would think not; that would increase the size of the SIP message beyond its' limit, even for a small image. |
17:41 | laurence1 joined #koha | |
17:42 | rambutan | humm, pull via API? |
17:43 | druthb | that, maybe, or put a link to it in the SIP message. but it sounds like a @quote get 123 to me.. why would you want to? |
17:43 | rambutan | OK, glad you asked! |
17:44 | So our staff has problems with kids using each other's library cards or their parents cards for internet access... | |
17:44 | druthb | ah…so when they come to reserve, you'd like to see the pic, like you can at the circ desk. |
17:44 | rambutan | and we're writing our own PAC. So in doing so we're discussing how nice it would be for staff to be able to click on the library card of a logged in user.... |
17:45 | and pull their ILS info, like name, age, etc, so see if a patron that appears to be 11 y.o. is using a card issued to a 41 y.o. | |
17:46 | and the logic extension of that would be to pull their image from the ILS to help confirm their credentials | |
17:46 | Shane-S | rambutan: that we don't use SSL/HTTPS connections to the server. As I read the laws we have the server must carry a valid encryption certificate, which I don't do/need. |
17:47 | I am located in NJ, and we have a Student Information Privacy & Protection Act | |
17:47 | druthb | That actually makes some sense, rambutan. You'd have to do some sort of API treachery, since it's stored in the database, and not just a file you could link to. |
17:48 | rambutan | yea, schools have lots of stuff they have to do. I probably couldn't put up with it. |
17:48 | druthb | Shane-S: Why on earth would you *not* spend the $20 or so to get a certificate? It's really cheap protection for every patron you have. |
17:49 | Shane-S | druthb: because the librarian doesn't even use the patron online access. Since you can't identify someone via a name (all we have in the system) no need for the expense. |
17:49 | druthb: The server is also behind a Firewall and Reverse Proxy | |
17:49 | wahanui | okay, Shane-S. |
17:50 | laurence joined #koha | |
17:50 | laurence left #koha | |
17:50 | druthb | Fair 'nuf. If there's absolutely no way for anyone to access it —at all— that shouldn't be, then you're probably okay without a certificate. But if I found a domain name, could I get to an OPAC or staff interface from where I am? |
17:52 | (If the answer is yes, then more attention to security is needed.) | |
17:52 | Barrc left #koha | |
17:52 | Shane-S | druthb: yep, and your login would not be encrypted |
17:52 | so I could get it with wireshark or other tools | |
17:52 | druthb | *shudder*. Then someone else could sniff my login, and get at my library records. Not cool. |
17:54 | rambutan | StartSSL offers free certificates for non-commercial use. I understand EFF uses them. http://startssl.com |
17:54 | druthb | I'll amend my prior statement, based on what I've learned about security on my current job. If your Koha system is running, and the server has a wire plugged into the network interface, and COUNT(SELECT * FROM borrowers) > 0, then you need SSL, at least. |
17:55 | (I'm not even the most-paranoid person associated with our security team. Not even close.) | |
17:56 | Shane-S | druthb: I am not arguing the point, we just never has any "outside" log ins right now. I had planned on it, but it was too much for my 60yr old librarian used to 1 station to process/handle |
17:58 | So I never persued securing it beyond only allowing 80/8080 and 23 access | |
17:58 | druthb | Just because the librarian doesn't log in from outside, doesn't mean that the bad guys aren't. If they can, and they want to, they will. And 23? *shudder* |
17:59 | Shane-S | sorry 22 |
17:59 | druthb | good. |
18:01 | Shane-S | I also have to purchase a static IP for SSL do I not? |
18:01 | druthb | Usually, yes. |
18:01 | Shane-S | yeah, no static IP here, I just refresh the DNS record with the new IP as it is issued |
18:02 | jatara joined #koha | |
18:02 | druthb | ugh |
18:09 | yhager joined #koha | |
18:14 | cait joined #koha | |
18:15 | * cait | waves |
18:15 | druthb | hi, cait! |
18:16 | cait | hi druthb :) |
18:18 | mtompset | We use StartSSL certificates. :) |
18:19 | And I've made our Koha run on HTTPS via apache tweaks. | |
18:21 | We used to have a proxy server which would map our HTTPS requests to HTTP requests when it sent it to the Koha VM, but since we are in the midst of switching providers, I've thrown out the proxy server part, and just done straight HTTPS. | |
18:21 | druthb | One less (insecure) moving part is a Good Thing. |
18:21 | fredy joined #koha | |
18:22 | jenkins_koha | Starting build #1525 for job Koha_master (previous build: SUCCESS) |
18:22 | rangi | yeah, our default stance is https everything |
18:23 | ashimema++ | |
18:23 | mtompset++ | |
18:23 | gmcharlt++ | |
18:24 | 1 hour 20mins, from patch to pushed | |
18:24 | cait | all hours are https too, both staff and opac |
18:24 | all of our koha installations... | |
18:24 | rangi | yep, all our new ones are, and we are retrofitting our old ones |
18:25 | no real reason not to these days | |
18:25 | for everything | |
18:25 | mtompset | So why don't we get Koha to install that way by default? |
18:25 | rangi | pretty much cant |
18:25 | gmcharlt | there's the little problem that proper certs cost money |
18:26 | rangi | and that they can be anywhere |
18:26 | ebegin joined #koha | |
18:26 | mtompset | oh right. :( |
18:26 | rangi | however we should strongly recommend |
18:26 | that people do it | |
18:26 | ebegin | Hi everyone, Is koha-community.org down ? |
18:26 | huginn | New commit(s) kohagit: Bug 11307: (follow-up) apply fix to bootstrap theme (master and 3.14.x only) <http://git.koha-community.org/[…]a647e8fdaa2d20772> / Bug 11307: Fix potential XSS attack in public catalog RSS feed <http://git.koha-community.org/[…]e2780d4171c00e4ee> |
18:27 | rambutan | no |
18:27 | rangi | ebegin: not for me |
18:27 | ebegin | rangi, hmmm, mtompset, can you access koha-community.org ? |
18:27 | mtompset | http://www.downforeveryoneorju[…]oha-community.org |
18:28 | koha-community.org? | |
18:28 | wahanui | hmmm... koha-community.org is actually updated and right |
18:29 | rambutan | wahanui: did you actually check, or are you just saying that? |
18:29 | wahanui | i haven't a clue, rambutan |
18:29 | rambutan | time for lunch |
18:32 | ebegin | thanks guys. I'll check why |
18:33 | jenkins_koha | Starting build #237 for job master_maria (previous build: SUCCESS) |
18:37 | cait | rangi++ mtompset++ ashimema++ gmcharlt++ |
18:37 | mtompset | I'm looking at the followup bug 11308 |
18:37 | cait | and apache-- again |
18:37 | huginn | 04Bug http://bugs.koha-community.org[…]_bug.cgi?id=11308 normal, P5 - low, ---, oleonard, Needs Signoff , RSS feed is slightly broken in bootstrap theme |
18:40 | yhager_ joined #koha | |
18:42 | mtompset | It is now signed off, if anyone wants to QA it. ;) |
18:42 | cait | maybe later, i need to rest my head for a bit |
18:47 | Shane-S | where does koha-dump dump the files? |
18:48 | rangi | /var/spool/koha/instancename/ |
18:48 | Shane-S | ty |
18:48 | rangi | there will be a .sql.gz which is the db |
18:48 | and a tar | |
18:48 | which is the code and config | |
18:49 | Shane-S | alright, about time I got a backup :) |
18:49 | rangi | (or just the config actually, the code is all in the .db :-)) |
18:53 | deb even | |
18:54 | nengard joined #koha | |
18:56 | druthb | shhh…gotta quit talking about nengard..she's here. |
18:56 | nengard | hmmmm |
18:56 | :p | |
19:13 | fredy joined #koha | |
19:27 | jenkins_koha | Project master_maria build #237: SUCCESS in 53 min: http://jenkins.koha-community.[…]master_maria/237/ |
19:27 | * Chris Cormack: Bug 11307: Fix potential XSS attack in public catalog RSS feed | |
19:27 | * Chris Cormack: Bug 11307: (follow-up) apply fix to bootstrap theme (master and 3.14.x only) | |
19:27 | huginn | 04Bug http://bugs.koha-community.org[…]_bug.cgi?id=11307 critical, P5 - low, ---, oleonard, Pushed to Master , Potential XSS attack vector in opac rss feed |
19:28 | rambutan joined #koha | |
19:32 | nengard joined #koha | |
19:37 | busla joined #koha | |
19:46 | mtompset_ joined #koha | |
19:46 | mtompset | blip? Okay. |
19:49 | mtompset_ joined #koha | |
19:50 | mtompset | blip again? I blame Bell Canada. :P |
19:53 | mtompset_ joined #koha | |
19:53 | mtompset | Well, this is crazy. Off to hunt the problem down. |
20:13 | wizzyrea | and actually, koha-community.org has been pretty quiet for days now. |
20:21 | jenkins_koha | Project Koha_master build #1525: SUCCESS in 2 hr 1 min: http://jenkins.koha-community.[…]Koha_master/1525/ |
20:21 | * Chris Cormack: Bug 11307: Fix potential XSS attack in public catalog RSS feed | |
20:21 | * Chris Cormack: Bug 11307: (follow-up) apply fix to bootstrap theme (master and 3.14.x only) | |
20:21 | huginn | 04Bug http://bugs.koha-community.org[…]_bug.cgi?id=11307 critical, P5 - low, ---, oleonard, Pushed to Master , Potential XSS attack vector in opac rss feed |
20:37 | rangi | oops |
20:37 | i dont think that mail was supposed to go to the list | |
20:45 | rambutan | ^eyebrows^ |
20:46 | nengard | nope ... i think not |
20:48 | gmcharlt | this is why I contract with the New York Times for my missives to be published on the front page every day |
20:48 | ;) | |
20:48 | rangi | heh |
20:49 | meliss joined #koha | |
20:51 | gmcharlt | just in one-point type up in the corner, which is why you've never noticed it |
20:52 | rangi | apparently there was a full page add in the NYT about the nz rugby team |
20:52 | ad even | |
20:52 | wizzyrea | \o/ |
20:58 | mtompset joined #koha | |
20:59 | mtompset | Greetings, #koha. |
20:59 | date formatting and handling is a pain to trace. | |
21:04 | nengard | is there a way to do a marc export from the command line? for some reason the GUI tool isn't getting me everything |
21:06 | jcamins | tools/export.pl --format=marc --record-type=bibs --filename=/my/export/file |
21:06 | * magnuse | pokes his head in - in german |
21:07 | nengard | thanks jcamins |
21:07 | rangi | heh |
21:08 | magnuse | rangi: here's a tiny poc of converting marc to rdf with catmandu: https://gist.github.com/MagnusEnger/7658143 |
21:08 | rangi | awesome you could totally fork my repo and change it to do that :) |
21:09 | * cait | waves at magnuse |
21:09 | rangi | https://gitorious.org/koha-marc2rdf |
21:09 | cait | magnuse: how is it going? |
21:09 | rangi | :) |
21:09 | magnuse | rangi: i'll see how exciting the talks tomorrow are :-) |
21:10 | cait: all good :-) | |
21:10 | rangi | :) |
21:10 | http://dashboard.koha-community.org/taskboard# | |
21:10 | ive almost got the claiming thing working (click on a bug) | |
21:11 | magnuse | looks like Catmandu::Importer::MARC can only read from a file, though. or i'm missing something |
21:11 | rangi | ill finish that tonight i hope (thats all bugs needing signoff) |
21:11 | magnuse: a file is just a special pipe :) | |
21:12 | Create a new MARC importer for $filename. Use STDIN when no filename is given | |
21:12 | magnuse | ah, ok |
21:12 | rangi | i reckon we can get round that |
21:13 | maybe we could even send a patch to allow file=> or blob=> | |
21:13 | then fall back to STDIN | |
21:13 | just to make it a bit nicer | |
21:13 | magnuse | yeah, please feel free to do that ;-) |
21:14 | rangi | :) |
21:15 | magnuse | sounds like that is a bit above my level of incompetence |
21:16 | rangi | ill file an issue and offer to do a patch if its a feature they want to add |
21:17 | sometime | |
21:17 | :) | |
21:17 | magnuse | yay! |
21:19 | weird, it looks like issues and comments are turned off on https://github.com/LibreCat/Catmandu-MARC | |
21:20 | metacpan seems to point to https://rt.cpan.org/Public/Dis[…]ame=Catmandu-MARC | |
21:58 | mtompset_ joined #koha | |
21:59 | mtompset | Well, I think that's the signal to go. |
21:59 | jcamins | Huh. Apparently nginx's license changed, and they pulled an Oracle? |
21:59 | cait | ugh? |
21:59 | and hi jcamins | |
22:00 | magnuse | oh noes? |
22:00 | mtompset | Have a great day, #koha. I tested and signed off bug 11038 for you, rangi. |
22:00 | huginn | 04Bug http://bugs.koha-community.org[…]_bug.cgi?id=11038 normal, P5 - low, ---, oleonard, ASSIGNED , Enable use of IntranetUserCSS and intranetcolorstylesheet on staff client login page |
22:00 | jcamins | magnuse: yeah. |
22:01 | mtompset | Oops.. bug 11308 |
22:01 | huginn | 04Bug http://bugs.koha-community.org[…]_bug.cgi?id=11308 normal, P5 - low, ---, oleonard, Signed Off , RSS feed is slightly broken in bootstrap theme |
22:01 | nengard left #koha | |
22:07 | eythian | hi |
22:08 | cait | hi eythian :) |
22:09 | eythian | hello cait |
22:09 | wahanui | hello cait are you here? |
22:17 | cait | good night all :) |
22:17 | eythian | bye cait |
22:18 | cait left #koha | |
22:20 | magnuse | guten nacht, #koha |
22:40 | yhager joined #koha | |
23:04 | papa joined #koha |
← Previous day | Today | Next day → | Search | Index