diff --git a/build.xml b/build.xml index 54a0195ae7228bc208d8ab1545912bbe71d4dfeb..43f6f1602ba241138ca6a8e25b4209bf12e5297c 100644 --- a/build.xml +++ b/build.xml @@ -27,7 +27,7 @@ <property name="php-cs-fixers" value="no_blank_lines_before_namespaces,function_call_space,trailing_spaces,unused_use,lowercase_keywords,encoding,parenthesis,php_closing_tag,visibility,duplicate_semicolon,extra_empty_lines,no_blank_lines_after_class_opening,no_empty_lines_after_phpdocs,operators_spaces,spaces_before_semicolon,ternary_spaces,concat_with_spaces,short_array_syntax,phpdoc_no_access,remove_leading_slash_use,eof_ending" /> - <property name="version" value="3.0" /> + <property name="version" value="3.0.1" /> <!-- We only need the -p switch if the password is non-blank --> <if><not><equals arg1="${mysqlrootpass}" arg2="" /></not><then> diff --git a/config/vufind/config.ini b/config/vufind/config.ini index 07b02ba6a3a4ba212c1233f64951e9d32231a1ca..388be444ebd17f352d5fcc4332e333288b763dd8 100644 --- a/config/vufind/config.ini +++ b/config/vufind/config.ini @@ -109,7 +109,7 @@ showBulkOptions = false ; Should users be allowed to save searches in their accounts? allowSavedSearches = true ; Generator value to display in an HTML header <meta> tag: -generator = "VuFind 3.0" +generator = "VuFind 3.0.1" ; This section allows you to configure the mechanism used for storing user ; sessions. Available types: File, Memcache, Database. diff --git a/module/VuFind/src/VuFind/Controller/UpgradeController.php b/module/VuFind/src/VuFind/Controller/UpgradeController.php index 35f27c45e83d47982d59ce0634cf2141d1ab1296..b9ad30bb4ec9e0a6594893790143924ccd35fdc0 100644 --- a/module/VuFind/src/VuFind/Controller/UpgradeController.php +++ b/module/VuFind/src/VuFind/Controller/UpgradeController.php 
@@ -696,7 +696,7 @@ class UpgradeController extends AbstractBase } /** - * Prompt the user for a source version (to upgrade from 2.x). + * Prompt the user for a source version (to upgrade from 2.x+). * * @return mixed */ @@ -706,7 +706,7 @@ class UpgradeController extends AbstractBase $version = $this->params()->fromPost('sourceversion'); if (!empty($version)) { $this->cookie->newVersion = \VuFind\Config\Version::getBuildVersion(); - if (floor($version) != 2) { + if (floor($version) < 2) { $this->flashMessenger() ->addMessage('Illegal version number.', 'error'); } else if ($version >= $this->cookie->newVersion) { diff --git a/module/VuFind/src/VuFindTest/Unit/UserCreationTrait.php b/module/VuFind/src/VuFindTest/Unit/UserCreationTrait.php index 077b6cf27f1bf1258222d9bbe8b6be81376319d9..9f1188abcf5c5f3155027496e27316c1ee833482 100644 --- a/module/VuFind/src/VuFindTest/Unit/UserCreationTrait.php +++ b/module/VuFind/src/VuFindTest/Unit/UserCreationTrait.php @@ -134,6 +134,29 @@ trait UserCreationTrait } } + /** + * Mink support function: fill in the change password form. + * + * @param Element $page Page element. + * @param string $old Old password + * @param string $new New password + * @param bool $inModal Should we assume the login box is in a lightbox? + * @param string $prefix Extra selector prefix + * + * @return void + */ + protected function fillInChangePasswordForm(Element $page, $old, $new, + $inModal = false, $prefix = '#newpassword ' + ) { + $prefix = ($inModal ? '.modal-body ' : '') . $prefix; + $usernameField = $this->findCss($page, $prefix . '[name="oldpwd"]'); + $usernameField->setValue($old); + $passwordField = $this->findCss($page, $prefix . '[name="password"]'); + $passwordField->setValue($new); + $password2Field = $this->findCss($page, $prefix . '[name="password2"]'); + $password2Field->setValue($new); + } + /** * Submit the login form (assuming it's open). * 
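Review bot: The relaxed lower-bound check `floor($version) < 2` still passes the raw POST value `sourceversion` through PHP's loose string-to-number conversion. The unchanged `$version >= $this->cookie->newVersion` on the next branch now compares it against a three-component build version (3.0.1), which presumably makes that a plain string comparison. Checking the shape first and comparing with `version_compare()` makes both branches explicit: `if (!preg_match('/^\d+(\.\d+)*$/', $version) || version_compare($version, '2.0', '<')) {` and `} else if (version_compare($version, $this->cookie->newVersion, '>=')) {`. The method starts and ends outside this hunk, so what is done with an accepted value is not visible here.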
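Review bot: In the new `fillInChangePasswordForm()` helper the local `$usernameField` actually holds the `oldpwd` input, and the `$inModal` docblock still says "login box"; both look carried over from the login-form helper. Renaming it to `$oldPasswordField` and wording the parameter as `Should we assume the form is in a lightbox?` would stop the helper from misleading whoever extends the password tests next. The `@param` lines for `$old` and `$new` also lack the trailing period the other parameters use.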
diff --git a/module/VuFind/tests/integration-tests/src/VuFindTest/Mink/AccountActionsTest.php b/module/VuFind/tests/integration-tests/src/VuFindTest/Mink/AccountActionsTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..ce672237a9a1521f89f3e7acd58baac494714d95
--- /dev/null
+++ b/module/VuFind/tests/integration-tests/src/VuFindTest/Mink/AccountActionsTest.php
@@ -0,0 +1,147 @@
+<?php
+/**
+ * Mink account actions test class.
+ *
+ * PHP version 5
+ *
+ * Copyright (C) Villanova University 2011.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * @category VuFind
+ * @package Tests
+ * @author Demian Katz <demian.katz@villanova.edu>
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License
+ * @link https://vufind.org Main Page
+ */
+namespace VuFindTest\Mink;
+
+/**
+ * Mink account actions test class.
+ *
+ * @category VuFind
+ * @package Tests
+ * @author Demian Katz <demian.katz@villanova.edu>
+ * @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License
+ * @link https://vufind.org Main Page
+ */
+class AccountActionsTest extends \VuFindTest\Unit\MinkTestCase
+{
+ use \VuFindTest\Unit\UserCreationTrait;
+
+ /**
+ * Standard setup method.
+ *
+ * @return mixed
+ */
+ public static function setUpBeforeClass()
+ {
+ return static::failIfUsersExist();
+ }
+
+ /**
+ * Standard setup method.
+ *
+ * @return void
+ */
+ public function setUp()
+ {
+ // Give up if we're not running in CI:
+ if (!$this->continuousIntegrationRunning()) {
+ return $this->markTestSkipped('Continuous integration not running.');
+ }
+ }
+
+ /**
+ * Test changing a password.
+ *
+ * @return void
+ */
+ public function testChangePassword()
+ {
+ $session = $this->getMinkSession();
+ $session->visit($this->getVuFindUrl());
+ $page = $session->getPage();
+
+ // Create account
+ $this->findCss($page, '#loginOptions a')->click();
+ $this->snooze();
+ $this->findCss($page, '.modal-body .createAccountLink')->click();
+ $this->fillInAccountForm($page);
+ $this->findCss($page, '.modal-body .btn.btn-primary')->click();
+ $this->snooze();
+
+ // Log out
+ $this->findCss($page, '.logoutOptions a.logout')->click();
+ $this->snooze();
+
+ // Log back in
+ $this->findCss($page, '#loginOptions a')->click();
+ $this->fillInLoginForm($page, 'username1', 'test');
+ $this->findCss($page, '.modal-body .btn.btn-primary')->click();
+ $this->snooze();
+
+ // We should now be on account screen; go to change password page
+ $this->findAndAssertLink($page, 'Change Password')->click();
+ $this->snooze();
+
+ // Change the password (but get the old password wrong)
+ $this->fillInChangePasswordForm($page, 'bad', 'good');
+ $this->findCss($page, '#newpassword .btn.btn-primary')->click();
+ $this->snooze();
+ $this->assertEquals(
+ 'Invalid login -- please try again.',
+ $this->findCss($page, '.alert-danger')->getText()
+ );
+
+ // Change the password successfully:
+ $this->fillInChangePasswordForm($page, 'test', 'good');
+ $this->findCss($page, '#newpassword .btn.btn-primary')->click();
+ $this->snooze();
+ $this->assertEquals(
+ 'Your password has successfully been changed',
+ $this->findCss($page, '.alert-success')->getText()
+ );
+
+ // Log out
+ $this->findCss($page, '.logoutOptions a.logout')->click();
+ $this->snooze();
+
+ // Log back in (using old credentials, which should now fail):
+ $this->findCss($page, '#loginOptions a')->click();
+ $this->fillInLoginForm($page, 'username1', 'test');
+ $this->findCss($page, '.modal-body .btn.btn-primary')->click();
+ $this->assertLightboxWarning($page, 'Invalid login -- please try again.');
+ $this->snooze();
+
+ // Now
log in successfully:
+ $this->fillInLoginForm($page, 'username1', 'good');
+ $this->findCss($page, '.modal-body .btn.btn-primary')->click();
+ $this->snooze();
+
+ // One final log out (to confirm that log in really worked).
+ $this->findCss($page, '.logoutOptions a.logout')->click();
+ $this->snooze();
+ }
+
+ /**
+ * Standard teardown method.
+ *
+ * @return void
+ */
+ public static function tearDownAfterClass()
+ {
+ static::removeUsers(['username1']);
+ }
+}
diff --git a/packages/DEBIAN/changelog b/packages/DEBIAN/changelog
index cf733a3a054eb49e8f9a454abcb4ac93f698c676..8524042a4452492bdf92b24e9c862c9bd62ca08a 100644
--- a/packages/DEBIAN/changelog
+++ b/packages/DEBIAN/changelog
@@ -1,3 +1,9 @@
+vufind 3.0.1 distribution; urgency=low
+
+ * VuFind 3.0.1 release (see http://vufind.org/wiki/changelog for details)
+
+ -- maintainer VuFind Project Administration Team <vufind-admins@lists.sourceforge.net> Fr 27 May 2016 12:00:49 UTC
+
 vufind 3.0 distribution; urgency=low
 * VuFind 3.0 release (see http://vufind.org/wiki/changelog for details)
diff --git a/packages/DEBIAN/control b/packages/DEBIAN/control
index b34bed0ab52ccc68658bd10e289df757d9c2bf34..9016c826dd19a96e416cca31060f97c4b9b82eca 100644
--- a/packages/DEBIAN/control
+++ b/packages/DEBIAN/control
@@ -1,5 +1,5 @@
 Package: vufind
-Version: 3.0
+Version: 3.0.1
 Section: World Wide Web
 Priority: Optional
 Architecture: all
diff --git a/themes/bootstrap3/templates/myresearch/newpassword.phtml b/themes/bootstrap3/templates/myresearch/newpassword.phtml
index d504382bf7dc7f9d575d1e693a0c65555a09642b..8391573200f32efa7bbaee5009be4b316f491007 100644
--- a/themes/bootstrap3/templates/myresearch/newpassword.phtml
+++ b/themes/bootstrap3/templates/myresearch/newpassword.phtml
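Review bot: `AccountActionsTest::testChangePassword()` only ever submits the rendered form, which carries the hidden `csrf` field, so it would keep passing if the server stopped validating that token. A companion case that submits the change-password form with the `csrf` value removed or altered, and asserts that `.alert-success` does not appear and the old password still logs in, would pin the rejection path. Separately, the failed re-login step calls `assertLightboxWarning()` before `snooze()`, the reverse of every other step in the method. That may make the assertion timing-sensitive unless the helper waits internally.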
@@ -20,6 +20,7 @@ <div class="error"><?=$this->transEsc('recovery_user_not_found') ?></div> <? else: ?> <form id="newpassword" class="form-horizontal" action="<?=$this->url('myresearch-newpassword') ?>" method="post" data-toggle="validator" role="form"> + <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth()->getManager()->getCsrfHash(true))?>" name="csrf"/> <input type="hidden" value="<?=$this->escapeHtmlAttr($this->hash) ?>" name="hash"/> <input type="hidden" value="<?=$this->escapeHtmlAttr($this->username) ?>" name="username"/> <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth_method) ?>" name="auth_method"/> diff --git a/themes/bootstrap3/templates/record/storageretrievalrequest.phtml b/themes/bootstrap3/templates/record/storageretrievalrequest.phtml index 918104e04da556ef4d34726a62ca898365ccc033..939bf9d36434ee6c51199d21bba9821ecd9e90db 100644 --- a/themes/bootstrap3/templates/record/storageretrievalrequest.phtml +++ b/themes/bootstrap3/templates/record/storageretrievalrequest.phtml @@ -62,7 +62,7 @@ <? endif; ?> <? if (in_array("pickUpLocation", $this->extraFields)): ?> - <? if (count($this->pickup) > 1): ?> + <? if ($this->pickup): ?> <div class="form-group"> <? if (isset($this->gatheredDetails['pickUpLocation']) && $this->gatheredDetails['pickUpLocation'] !== "") { 
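Review bot: The hidden `csrf` input is added by hand in this template and again in themes/jquerymobile/templates/myresearch/newpassword.phtml, so another theme or a later rewrite of this form can silently drop it again. If `$this->auth()->getNewPasswordForm()`, visible in the jquerymobile hunk, is the shared partial for this form, emitting the token there would keep it in one place. Otherwise a template comment such as `<? /* csrf token: required; presumably validated by the new-password action on POST */ ?>` would at least mark the field as mandatory. The `true` passed to `getCsrfHash()` is unexplained in the hunk; if it regenerates the token on each render, a form left open in a second tab would presumably be rejected, which deserves a comment. The `<form>` element continues outside the hunk.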
@@ -76,14 +76,14 @@ <label class="col-sm-3 control-label"><?=$this->transEsc("pick_up_location")?>:</label> <div class="col-sm-9"> <select name="gatheredDetails[pickUpLocation]" class="form-control"> - <? if ($selected === false): ?> + <? if ($selected === false && count($this->pickup) > 1): ?> <option value="" selected="selected"> <?=$this->transEsc('select_pickup_location')?> </option> <? endif; ?> <? foreach ($this->pickup as $lib): ?> <option value="<?=$this->escapeHtmlAttr($lib['locationID'])?>"<?=($selected == $lib['locationID']) ? ' selected="selected"' : ''?>> - <?=$this->escapeHtml($lib['locationDisplay'])?> + <?=$this->transEsc('location_' . $lib['locationDisplay'], null, $lib['locationDisplay'])?> </option> <? endforeach; ?> </select> diff --git a/themes/jquerymobile/templates/myresearch/newpassword.phtml b/themes/jquerymobile/templates/myresearch/newpassword.phtml index 0f0694a8fea0560b406829ed53a0b4a09cf1e14e..ee3335dcddd2a912a045c455f3e7863d671bed0a 100644 --- a/themes/jquerymobile/templates/myresearch/newpassword.phtml +++ b/themes/jquerymobile/templates/myresearch/newpassword.phtml @@ -20,6 +20,7 @@ <? else: ?> <form data-ajax="false" action="<?=$this->url('myresearch-newpassword') ?>" method="post"> <?=$this->auth()->getNewPasswordForm() ?> + <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth()->getManager()->getCsrfHash(true))?>" name="csrf"/> <input type="hidden" value="<?=$this->escapeHtmlAttr($this->hash) ?>" name="hash"/> <input type="hidden" value="<?=$this->escapeHtmlAttr($this->username) ?>" name="username"/> <input type="hidden" value="<?=$this->escapeHtmlAttr($this->auth_method) ?>" name="auth_method"/>
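Review bot: The option label in storageretrievalrequest.phtml is now looked up under a translation key built from ILS-supplied text, `'location_' . $lib['locationDisplay']`, with the raw display name as the fallback, and nothing in the template documents this. A one-line comment above the `foreach`, e.g. `<? /* Labels: translated via "location_<display name>", falling back to the ILS display name */ ?>`, would record the key convention for translators. That `transEsc` HTML-escapes the fallback is inferred from its name and from how it is used on the label line, so it is worth confirming because the value comes from the ILS. The `<select>` block starts outside the hunk.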