ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into feature-h264-videostorage

This commit is contained in:
Isaac Connor 2017-01-27 09:58:18 -05:00
parent 14bb8acc82 9e9b1a3a35
commit 05f3944cc6
3 changed files with 27 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
utils/packpack/startpackpack.sh
View File

@ -80,10 +80,15 @@ if [ "${OS}" == "el" ] || [ "${OS}" == "fedora" ]; then
elif [ "${OS}" == "debian" ] || [ "${OS}" == "ubuntu" ]; then
echo "Begin Debian build..."
# Uncompress the Crud tarball and move it into place
tar -xzf build/crud-${CRUDVER}.tar.gz
rmdir web/api/app/Plugin/Crud
mv -f crud-${CRUDVER} web/api/app/Plugin/Crud
# Uncompress the Crud tarball and move it into place
if [ -e "web/api/app/Plugin/Crud/LICENSE.txt" ]; then
echo "Crud plugin already installed..."
else
echo "Unpacking Crud plugin..."
tar -xzf build/crud-${CRUDVER}.tar.gz
rmdir web/api/app/Plugin/Crud
mv -f crud-${CRUDVER} web/api/app/Plugin/Crud
fi
if [ ${DIST} == "trusty" ] || [ ${DIST} == "precise" ]; then
ln -sf distros/ubuntu1204 debian

56
web/views/file.php
View File

@ -1,56 +0,0 @@
<?php
//
// ZoneMinder file view file, $Date: 2008-09-29 14:15:13 +0100 (Mon, 29 Sep 2008) $, $Revision: 2640 $
// Copyright (C) 2001-2008 Philip Coombes
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
if ( !canView( 'Events' ) )
{
$view = "error";
return;
}
if ( empty($_REQUEST['path']) )
{
$errorText = "No path given to file.php";
}
else
{
$path = $_REQUEST['path'];
if ( !empty($user['MonitorIds']) )
{
$fileOk = false;
$pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) );
foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId )
{
if ( $pathMonId == $monId )
{
$fileOk = true;
break;
}
}
if ( !$fileOk )
$errorText = "No permissions to view file '$path'";
}
}
// Simple version
if ( $errorText )
Error( $errorText );
else
readfile( ZM_DIR_EVENTS.'/'.$path );
?>

34
web/views/image.php
View File

@ -78,24 +78,26 @@ if ( empty($_REQUEST['path']) )
} else {
$errorText = "No image path";
}
}
else
{
$path = ZM_DIR_EVENTS . '/' . $_REQUEST['path'];
if ( !empty($user['MonitorIds']) )
{
$imageOk = false;
$pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) );
foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId )
{
if ( $pathMonId == $monId )
{
$imageOk = true;
break;
} else {
$dir_events = realpath(ZM_DIR_EVENTS);
$path = realpath($dir_events . '/' . $_REQUEST['path']);
$pos = strpos($path, $dir_events);
if($pos == 0 && $pos !== false) {
if ( !empty($user['MonitorIds']) ) {
$imageOk = false;
$pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) );
foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId ) {
if ( $pathMonId == $monId ) {
$imageOk = true;
break;
}
}
if ( !$imageOk )
$errorText = "No image permissions";
}
if ( !$imageOk )
$errorText = "No image permissions";
} else {
$errorText = "Invalid image path";
}
}