use a unique connection key for downloads

web/skins/classic/views/download.php

@@ -24,7 +24,8 @@ if ( !canView('Events') ) {
 }
 
 $total_size = 0;
-if (isset($_SESSION['montageReviewFilter'])) { //Handles montageReview filter
+if (isset($_SESSION['montageReviewFilter']) and !isset($_REQUEST['eids']) ) {
+  # Handles montageReview filter
   $eventsSql = 'SELECT E.Id,E.DiskSpace FROM Events as E WHERE 1';
   $eventsSql .= $_SESSION['montageReviewFilter']['sql'];
   $results = dbQuery($eventsSql);
@@ -45,6 +46,7 @@ if (isset($_SESSION['montageReviewFilter'])) { //Handles montageReview filter
 }
 
 $focusWindow = true;
+$connkey = isset($_REQUEST['connkey']) ? $_REQUEST['connkey'] : generateConnKey();
 
 xhtmlHeaders(__FILE__, translate('Download') );
 ?>
@@ -58,6 +60,7 @@ xhtmlHeaders(__FILE__, translate('Download') );
     </div>
     <div id="content">
       <form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
+        <input type="hidden" name="connkey" value="<?php echo $connkey; ?>"/>
 <?php
 if ( !empty($_REQUEST['eid']) ) {
 ?>
@@ -68,6 +71,10 @@ if ( !empty($_REQUEST['eid']) ) {
 } else if ( !empty($_REQUEST['eids']) ) {
     $total_size = 0;
     foreach ( $_REQUEST['eids'] as $eid ) {
+      if ( ! validInt($eid) ) {
+        Warning("Invalid event id in eids[] $eid");
+        continue;
+      }
       $Event = new Event($eid);
       $total_size += $Event->DiskSpace();
 ?>
@@ -96,7 +103,9 @@ if ( !empty($_REQUEST['eid']) ) {
             </tr>
           </tbody>
         </table>
-        <input type="button" id="exportButton" name="exportButton" value="<?php echo translate('GenerateDownload') ?>" onclick="exportEvent(this.form);" />
+        <button type="button" id="exportButton" name="exportButton" value="GenerateDownload" onclick="exportEvent(this.form);">
+        <?php echo translate('GenerateDownload') ?>
+        </button>
       </form>
     </div>
 <?php

web/skins/classic/views/events.php

@@ -181,7 +181,7 @@ while ( $event_row = dbFetchNext($results) ) {
 <?php
     }
 ?>
-              <th class="colMark"><input type="checkbox" name="toggleCheck" value="1" onclick="toggleCheckbox(this, 'markEids');"/></th>
+              <th class="colMark"><input type="checkbox" name="toggleCheck" value="1" onclick="toggleCheckbox(this, 'eids[]');"/></th>
             </tr>
 <?php
   }
@@ -225,7 +225,7 @@ while ( $event_row = dbFetchNext($results) ) {
       echo '</td>';
   } // end if ZM_WEB_LIST_THUMBS
 ?>
-              <td class="colMark"><input type="checkbox" name="markEids[]" value="<?php echo $event->Id() ?>" onclick="configureButton(this, 'markEids');"/></td>
+              <td class="colMark"><input type="checkbox" name="eids[]" value="<?php echo $event->Id() ?>" onclick="configureButton(this, 'eids[]');"/></td>
             </tr>
 <?php
 }
@@ -266,13 +266,27 @@ if ( $pagination ) {
 if ( true || canEdit( 'Events' ) ) {
 ?>
         <div id="contentButtons">
-          <input type="button" name="viewBtn" value="<?php echo translate('View') ?>" onclick="viewEvents( this, 'markEids' );" disabled="disabled"/>
-          <input type="button" name="archiveBtn" value="<?php echo translate('Archive') ?>" onclick="archiveEvents( this, 'markEids' )" disabled="disabled"/>
-          <input type="button" name="unarchiveBtn" value="<?php echo translate('Unarchive') ?>" onclick="unarchiveEvents( this, 'markEids' );" disabled="disabled"/>
-          <input type="button" name="editBtn" value="<?php echo translate('Edit') ?>" onclick="editEvents( this, 'markEids' )" disabled="disabled"/>
-          <input type="button" name="exportBtn" value="<?php echo translate('Export') ?>" onclick="exportEvents( this, 'markEids' )" disabled="disabled"/>
-          <input type="button" name="downloadBtn" value="<?php echo translate('DownloadVideo') ?>" onclick="downloadVideo( this, 'markEids' )" disabled="disabled"/>
-          <input type="button" name="deleteBtn" value="<?php echo translate('Delete') ?>" onclick="deleteEvents( this, 'markEids' );" disabled="disabled"/>
+          <button type="button" name="viewBtn" value="View" onclick="viewEvents(this, 'eids[]');" disabled="disabled">
+          <?php echo translate('View') ?>"
+          </button>
+          <button type="button" name="archiveBtn" value="Archive" onclick="archiveEvents(this, 'eids[]')" disabled="disabled">
+          <?php echo translate('Archive') ?>
+          </button>
+          <button type="button" name="unarchiveBtn" value="Unarchive" onclick="unarchiveEvents(this, 'eids[]');" disabled="disabled">
+          <?php echo translate('Unarchive') ?>
+          </button>
+          <button type="button" name="editBtn" value="Edit" onclick="editEvents(this, 'eids[]')" disabled="disabled">
+          <?php echo translate('Edit') ?>
+          </button>
+          <button type="button" name="exportBtn" value="Export" onclick="exportEvents(this, 'eids[]')" disabled="disabled">
+          <?php echo translate('Export') ?>
+          </button>
+          <button type="button" name="downloadBtn" value="DownloadVideo" onclick="downloadVideo(this, 'eids[]')" disabled="disabled">
+          <?php echo translate('DownloadVideo') ?>
+          </button>
+          <button type="button" name="deleteBtn" value="Delete" onclick="deleteEvents(this, 'eids[]');" disabled="disabled">
+          <?php echo translate('Delete') ?>
+          </button>
         </div>
 <?php
 }

web/skins/classic/views/export.php

@@ -67,13 +67,15 @@ if ( $user['MonitorIds'] ) {
   $eventsSql .= ' 1';
 }
 
-if ( !empty($_REQUEST['eid']) ) {
+if ( isset($_REQUEST['eid']) and $_REQUEST['eid'] ) {
+  Logger::Debug("Loading events by single eid");
   $eventsSql .= ' AND E.Id=?';
   $eventsValues[] = $_REQUEST['eid'];
-} elseif ( !empty($_REQUEST['eids']) ) {
+} elseif ( isset($_REQUEST['eids']) and count($_REQUEST['eids']) > 0 ) {
+  Logger::Debug("Loading events by eids");
   $eventsSql .= ' AND E.Id IN ('.implode(',', array_map(function(){return '?';}, $_REQUEST['eids'])). ')';
   $eventsValues += $_REQUEST['eids'];
-} else if ( !empty($_REQUEST['filter']) ) {
+} else if ( isset($_REQUEST['filter']) ) {
   parseSort();
   parseFilter($_REQUEST['filter']);
   $filterQuery = $_REQUEST['filter']['query'];
@@ -194,7 +196,7 @@ while ( $event_row = dbFetchNext($results) ) {
     }
     if ( !empty($_REQUEST['generated']) ) {
 ?>
-      <button href="<?php echo validHtmlStr($_REQUEST['exportFile']) ?>"><?php echo translate('Download') ?></button>
+      <button type="button" onclick="startDownload('<?php echo validHtmlStr($_REQUEST['exportFile']) ?>');"><?php echo translate('Download') ?></button>
 <?php
     }
 ?>

web/skins/classic/views/js/download.js

@@ -1,3 +1,18 @@
+function configureExportButton( element ) {
+  var form = element.form;
+
+  var checkCount = 0;
+  var radioCount = 0;
+  for ( var i = 0; i < form.elements.length; i++ ) {
+    if ( form.elements[i].type == "checkbox" && form.elements[i].checked )
+      checkCount++;
+    else if ( form.elements[i].type == "radio" && form.elements[i].checked )
+      radioCount++;
+  }
+  form.elements['exportButton'].disabled = (radioCount == 0);
+      //checkCount == 0 ||
+}
+
 function startDownload( exportFile ) {
   window.location.replace( exportFile );
 }

web/skins/classic/views/js/events.js

@@ -98,7 +98,7 @@ function downloadVideo( element, name ) {
 }
 
 function exportEvents(element, name) {
-  var form = element.form;
+  var form = $j(element.form);
   if ( 0 ) {
   var eids = new Array();
   for (var i = 0; i < form.elements.length; i++) {
@@ -110,7 +110,8 @@ function exportEvents( element, name ) {
   }
   createPopup( '?view=export&'+eids.join( '&' ), 'zmExport', 'export' );
   }
-  form.action='?view=export';
+  form.attr('action', '?view=export');
+  form[0].elements['view'].value='export';
   form.submit();
 }