diff --git a/Dockerfile b/Dockerfile index d0c078571..1c7a267db 100644 --- a/Dockerfile +++ b/Dockerfile @@ -42,22 +42,12 @@ ADD utils/docker/start.sh /tmp/start.sh # give files in /usr/local/share/zoneminder/ RUN chown -R www-data:www-data /usr/local/share/zoneminder/ -# Creating SSH privilege escalation dir -RUN mkdir /var/run/sshd - # Adding apache virtual hosts file ADD utils/docker/apache-vhost /etc/apache2/sites-available/000-default.conf ADD utils/docker/phpdate.ini /etc/php/7.0/apache2/conf.d/25-phpdate.ini -# Set the root passwd -RUN echo 'root:root' | chpasswd - -# Add a user we can actually login with -RUN useradd -m -s /bin/bash -G sudo zoneminder -RUN echo 'zoneminder:zoneminder' | chpasswd - -# Expose ssh and http ports -EXPOSE 22 80 +# Expose http ports +EXPOSE 80 # Initial database and apache setup: RUN "/ZoneMinder/utils/docker/setup.sh" diff --git a/distros/redhat/zoneminder.spec b/distros/redhat/zoneminder.spec index 210690e6f..f562b1159 100644 --- a/distros/redhat/zoneminder.spec +++ b/distros/redhat/zoneminder.spec @@ -6,9 +6,9 @@ %if "%{zmuid_final}" == "nginx" %global with_nginx 1 -%global wwwconfdir /etc/nginx/default.d +%global wwwconfdir %{_sysconfdir}/nginx/default.d %else -%global wwwconfdir /etc/httpd/conf.d +%global wwwconfdir %{_sysconfdir}/httpd/conf.d %endif %global sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt @@ -24,19 +24,12 @@ %global with_init_sysv 1 %endif -# php-mysql deprecated in f25 -%if 0%{?fedora} >= 25 -%global with_php_mysqlnd 1 -%else -%global with_php_mysql 1 -%endif - %global readme_suffix %{?rhel:Redhat%{?rhel}}%{!?rhel:Fedora} %global _hardened_build 1 Name: zoneminder -Version: 1.30.1 -Release: 2%{?dist} +Version: 1.30.2 +Release: 1%{?dist} Summary: A camera monitoring and analysis tool Group: System Environment/Daemons # jscalendar is LGPL (any version): http://www.dynarch.com/projects/calendar/ 
@@ -88,10 +81,9 @@ BuildRequires: polkit-devel %{?with_nginx:Requires: nginx} %{?with_nginx:Requires: fcgiwrap} %{?with_nginx:Requires: php-fpm} -%{!?with_nginx:Requires: httpd php} +%{!?with_nginx:Requires: httpd} %{!?with_nginx:Requires: php} -%{?with_php_mysqlnd:Requires: php-mysqlnd} -%{?with_php_mysql:Requires: php-mysql} +Requires: php-mysqli Requires: php-common Requires: php-gd Requires: cambozola @@ -282,9 +274,9 @@ rm -rf %{_docdir}/%{name}-%{version} %files %license COPYING %doc AUTHORS README.md distros/redhat/readme/README.%{readme_suffix} distros/redhat/readme/README.https distros/redhat/jscalendar-doc -%config(noreplace) %attr(640,root,%{zmgid_final}) /etc/zm/zm.conf +%config(noreplace) %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/zm.conf %config(noreplace) %attr(644,root,root) %{wwwconfdir}/zoneminder.conf -%config(noreplace) /etc/logrotate.d/zoneminder +%config(noreplace) %{_sysconfdir}/logrotate.d/zoneminder %if 0%{?with_nginx} %config(noreplace) %{_sysconfdir}/php-fpm.d/zoneminder.conf @@ -344,6 +336,9 @@ rm -rf %{_docdir}/%{name}-%{version} %dir %attr(755,%{zmuid_final},%{zmgid_final}) %ghost %{_localstatedir}/run/zoneminder %changelog +* Wed Feb 08 2017 Andrew Bauer - 1.30.2-1 +- Bump version for 1.30.2 release + * Wed Dec 28 2016 Andrew Bauer - 1.30.1-2 - Changes from rpmfusion #4393 diff --git a/distros/ubuntu1504_cmake_split_packages/apache.conf b/distros/ubuntu1504_cmake_split_packages/apache.conf index 292581e78..59efc6248 100644 --- a/distros/ubuntu1504_cmake_split_packages/apache.conf +++ b/distros/ubuntu1504_cmake_split_packages/apache.conf @@ -8,7 +8,7 @@ ScriptAlias /zm/cgi-bin "/usr/lib/zoneminder/cgi-bin" Alias /zm /usr/share/zoneminder/www - Options -Indexes +ollowSymLinks + Options -Indexes +FollowSymLinks DirectoryIndex index.php diff --git a/docs/userguide/definezone.rst b/docs/userguide/definezone.rst index 24a6bb8b3..cf33f44c9 100644 --- a/docs/userguide/definezone.rst +++ b/docs/userguide/definezone.rst 
@@ -40,6 +40,8 @@ Type Preset The preset chooser sets sensible default values based on computational needs (fast v. best) and sensitivity (low, medium, high.) It is not required that you select a preset, and you can alter any of the parameters after choosing a preset. For a small number of monitors with ZoneMinder running on modern equipment, Best, high sensitivity can be chosen as a good starting point. + It is important to understand that the available presets are intended merely as a starting point. Since every camera's view is unique, they are not guaranteed to work properly in every case. Presets tend to work acceptably for indoor cameras, where the objects of interest are relatively close and there typically are few or no unwanted objects moving within the cameras view. Presets, on the other hand, tend to not work acceptably for outdoor cameras, where the field of view is typically much wider, objects of interest are farther away, and changing weather patterns can cause false triggers. For outdoor cameras in particular, you will almost certainly have to tune your motion detection zone to get desired results. Please refer to `this guide `__ to learn how to do this. + Units * Pixels - Selecting this option will allow many of the following values to be entered (or viewed) in units of pixels. * Percentage - Selecting this option will allow may of the following values to be entered (or viewed) as a percentage. The sense of the percentage values refers to the area of the zone and not the image as a whole. This makes trying to work out necessary sizes rather easier. diff --git a/scripts/zmfilter.pl.in b/scripts/zmfilter.pl.in index e51993bec..e1aafaac2 100644 --- a/scripts/zmfilter.pl.in +++ b/scripts/zmfilter.pl.in @@ -307,7 +307,7 @@ $dbh->ping(); } if ( $filter->{AutoExecute} ) { - if ( !$event->{Execute} ) + if ( !$event->{Executed} ) { $delete_ok = undef if ( !executeCommand( $filter, $event ) ); } 
diff --git a/src/zm_remote_camera_http.cpp b/src/zm_remote_camera_http.cpp index bc0355d30..d9a0c0b05 100644 --- a/src/zm_remote_camera_http.cpp +++ b/src/zm_remote_camera_http.cpp @@ -227,8 +227,6 @@ int RemoteCameraHttp::ReadData( Buffer &buffer, int bytes_expected ) if ( total_bytes_to_read == 0 ) { - if( mode == SINGLE_IMAGE ) - return( 0 ); // If socket is closed locally, then select will fail, but if it is closed remotely // then we have an exception on our socket.. but no data. Debug( 3, "Socket closed remotely" ); diff --git a/utils/docker/start.sh b/utils/docker/start.sh index ff3d6c705..29cb2f567 100755 --- a/utils/docker/start.sh +++ b/utils/docker/start.sh @@ -36,9 +36,6 @@ service apache2 restart # Start ZoneMinder /usr/local/bin/zmpkg.pl start -# Start SSHD -/usr/sbin/sshd - while : do sleep 3600 diff --git a/utils/packpack/deb.mk.patch b/utils/packpack/deb.mk.patch new file mode 100644 index 000000000..0cf0100f2 --- /dev/null +++ b/utils/packpack/deb.mk.patch @@ -0,0 +1,11 @@ +--- a/packpack/pack/deb.mk 2017-01-15 16:41:32.938418279 -0600 ++++ b/packpack/pack/deb.mk 2017-02-16 15:44:43.267900717 -0600 +@@ -14,7 +14,7 @@ + DPKG_BUILD:=$(PRODUCT)_$(DEB_VERSION)-$(RELEASE)_$(DPKG_ARCH).build + DPKG_DSC:=$(PRODUCT)_$(DEB_VERSION)-$(RELEASE).dsc + DPKG_ORIG_TARBALL:=$(PRODUCT)_$(DEB_VERSION).orig.tar.$(TARBALL_COMPRESSOR) +-DPKG_DEBIAN_TARBALL:=$(PRODUCT)_$(DEB_VERSION)-$(RELEASE).debian.tar.$(TARBALL_COMPRESSOR) ++DPKG_DEBIAN_TARBALL:=$(PRODUCT)_$(DEB_VERSION)-$(RELEASE).tar.$(TARBALL_COMPRESSOR) + + # gh-7: Ubuntu/Debian should export DEBIAN_FRONTEND=noninteractive + export DEBIAN_FRONTEND=noninteractive diff --git a/utils/packpack/startpackpack.sh b/utils/packpack/startpackpack.sh index e3933a9b6..117f1c1a9 100755 --- a/utils/packpack/startpackpack.sh +++ b/utils/packpack/startpackpack.sh 
@@ -52,6 +52,12 @@ if [ "${OS}" == "el" ] || [ "${OS}" == "fedora" ]; then #patch -p1 < utils/packpack/autosetup.patch ln -sf distros/redhat rpm + # The rpm specfile requires the Crud submodule folder to be empty + if [ -e "web/api/app/Plugin/Crud/LICENSE.txt" ]; then + rm -rf web/api/app/Plugin/Crud + mkdir web/api/app/Plugin/Crud + fi + if [ "${OS}" == "el" ]; then zmrepodistro=${OS} else @@ -80,6 +86,12 @@ if [ "${OS}" == "el" ] || [ "${OS}" == "fedora" ]; then elif [ "${OS}" == "debian" ] || [ "${OS}" == "ubuntu" ]; then echo "Begin Debian build..." + # patch packpack to remove "debian" from the source tarball filename + patch --dry-run --silent -f -p1 < utils/packpack/deb.mk.patch 2>/dev/null + if [ $? -eq 0 ]; then + patch -p1 < utils/packpack/deb.mk.patch + fi + # Uncompress the Crud tarball and move it into place if [ -e "web/api/app/Plugin/Crud/LICENSE.txt" ]; then echo "Crud plugin already installed..." diff --git a/web/ajax/log.php b/web/ajax/log.php index 66dcfc2b5..c38a6d5d0 100644 --- a/web/ajax/log.php +++ b/web/ajax/log.php 
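Review bot: When the dry run in the Debian branch fails, the build carries on with an unpatched packpack and prints nothing, because stderr is discarded and there is no `else` branch. A failed dry run can mean the patch is already applied, or that upstream `deb.mk` has changed and the patch no longer fits; the second case should be visible in the build log. Testing the command directly, `if patch --dry-run --silent -f -p1 < utils/packpack/deb.mk.patch 2>/dev/null; then`, removes the separate `$?` check, and an `else echo "deb.mk.patch not applied (already patched, or packpack changed)"` records the skip.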
@@ -1,5 +1,9 @@ Id()] = $server; - } + $servers = Server::find_all(); + $servers_by_Id = array(); +# There is probably a better way to do this. + foreach ( $servers as $server ) { + $servers_by_Id[$server->Id()] = $server; + } $minTime = isset($_POST['minTime'])?$_POST['minTime']:NULL; $maxTime = isset($_POST['maxTime'])?$_POST['maxTime']:NULL; - $limit = isset($_POST['limit'])?$_POST['limit']:100; - $filter = isset($_POST['filter'])?$_POST['filter']:array(); - $sortField = isset($_POST['sortField'])?$_POST['sortField']:'TimeKey'; + $limit = 100; + if ( isset($_POST['limit']) ) { + if ( ( !is_integer( $_POST['limit'] ) and !ctype_digit($_POST['limit']) ) ) { + Error("Invalid value for limit " . $_POST['limit'] ); + } else { + $limit = $_POST['limit']; + } + } + $sortField = 'TimeKey'; + if ( isset($_POST['sortField']) ) { + if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) { + Error("Invalid sort field " . $_POST['sortField'] ); + } else { + $sortField = $_POST['sortField']; + } + } $sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc'; + $filter = isset($_POST['filter'])?$_POST['filter']:array(); - $filterFields = array( 'Component', 'ServerId', 'Pid', 'Level', 'File', 'Line' ); - - $total = dbFetchOne( "SELECT count(*) AS Total FROM Logs", 'Total' ); + $total = dbFetchOne( 'SELECT count(*) AS Total FROM Logs', 'Total' ); $sql = 'SELECT * FROM Logs'; $where = array(); - $values = array(); + $values = array(); if ( $minTime ) { - $where[] = "TimeKey > ?"; - $values[] = $minTime; + $where[] = "TimeKey > ?"; + $values[] = $minTime; } elseif ( $maxTime ) { - $where[] = "TimeKey < ?"; - $values[] = $maxTime; - } + $where[] = "TimeKey < ?"; + $values[] = $maxTime; + } + foreach ( $filter as $field=>$value ) { - if ( $field == 'Level' ){ - $where[] = $field." <= ?"; - $values[] = $value; - } else { - $where[] = $field." = ?"; - $values[] = $value; - } - } + if ( ! 
in_array( $field, $filterFields ) ) { + Error("$field is not in valid filter fields"); + continue; + } + if ( $field == 'Level' ){ + $where[] = $field." <= ?"; + $values[] = $value; + } else { + $where[] = $field." = ?"; + $values[] = $value; + } + } if ( count($where) ) - $sql.= ' WHERE '.join( ' AND ', $where ); + $sql.= ' WHERE '.join( ' AND ', $where ); $sql .= " order by ".$sortField." ".$sortOrder." limit ".$limit; $logs = array(); foreach ( dbFetchAll( $sql, NULL, $values ) as $log ) { $log['DateTime'] = preg_replace( '/^\d+/', strftime( "%Y-%m-%d %H:%M:%S", intval($log['TimeKey']) ), $log['TimeKey'] ); - $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; + $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; $logs[] = $log; } $options = array(); $where = array(); - $values = array(); + $values = array(); foreach( $filter as $field=>$value ) { if ( $field == 'Level' ) { $where[$field] = $field." <= ?"; - $values[$field] = $value; + $values[$field] = $value; } else { $where[$field] = $field." = ?"; - $values[$field] = $value; - } - } + $values[$field] = $value; + } + } foreach( $filterFields as $field ) { $sql = "SELECT DISTINCT $field FROM Logs WHERE NOT isnull($field)"; $fieldWhere = array_diff_key( $where, array( $field=>true ) ); - $fieldValues = array_diff_key( $values, array( $field=>true ) ); + $fieldValues = array_diff_key( $values, array( $field=>true ) ); if ( count($fieldWhere) ) $sql.= " AND ".join( ' AND ', $fieldWhere ); $sql.= " ORDER BY $field ASC"; @@ -108,7 +129,7 @@ switch ( $_REQUEST['task'] ) { foreach( dbFetchAll( $sql, $field, array_values($fieldValues) ) as $value ) $options['ServerId'][$value] = ( $value and isset($servers_by_Id[$value]) ) ? $servers_by_Id[$value]->Name() : ''; - + } else { 
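Review bot: The second `foreach( $filter as $field=>$value )` loop, which builds `$where[$field]` for the `SELECT DISTINCT` option queries, still concatenates the request-supplied array key into SQL without the `in_array( $field, $filterFields )` check that this commit adds to the first loop. Bound parameters only protect `$value`; the key reaches `$fieldWhere` as raw SQL text. The same guard, `if ( ! in_array( $field, $filterFields ) ) continue;`, belongs at the top of that loop and of the `foreach ( $filter as $field=>$value )` loop in the export hunk (`@@ -147,44 +168,51 @@`), which is also unguarded. The start of this hunk is garbled on the page, so where `$filterFields` is now assigned is not visible; it has to be set before the new `sortField` check, since the old assignment further down is removed.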
@@ -147,44 +168,51 @@ switch ( $_REQUEST['task'] ) } //$limit = isset($_POST['limit'])?$_POST['limit']:1000; $filter = isset($_POST['filter'])?$_POST['filter']:array(); - $sortField = isset($_POST['sortField'])?$_POST['sortField']:'TimeKey'; - $sortOrder = isset($_POST['sortOrder'])?$_POST['sortOrder']:'asc'; + $sortField = 'TimeKey'; + if ( isset($_POST['sortField']) ) { + if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) { + Error("Invalid sort field " . $_POST['sortField'] ); + } else { + $sortField = $_POST['sortField']; + } + } + $sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc'; - $servers = Server::find_all(); - $servers_by_Id = array(); - # There is probably a better way to do this. - foreach ( $servers as $server ) { - $servers_by_Id[$server->Id()] = $server; - } + $servers = Server::find_all(); + $servers_by_Id = array(); + # There is probably a better way to do this. + foreach ( $servers as $server ) { + $servers_by_Id[$server->Id()] = $server; + } $sql = "select * from Logs"; $where = array(); - $values = array(); + $values = array(); if ( $minTime ) { preg_match( '/(.+)(\.\d+)/', $minTime, $matches ); $minTime = strtotime($matches[1]).$matches[2]; $where[] = "TimeKey >= ?"; - $values[] = $minTime; + $values[] = $minTime; } if ( $maxTime ) { preg_match( '/(.+)(\.\d+)/', $maxTime, $matches ); $maxTime = strtotime($matches[1]).$matches[2]; $where[] = "TimeKey <= ?"; - $values[] = $maxTime; + $values[] = $maxTime; } foreach ( $filter as $field=>$value ) { if ( $value != '' ) { if ( $field == 'Level' ) { $where[] = $field." <= ?"; - $values[] = $value; + $values[] = $value; } else { $where[] = $field." = ?'"; - $values[] = $value; - } - } - } + $values[] = $value; + } + } + } if ( count($where) ) $sql.= " where ".join( " and ", $where ); $sql .= " order by ".$sortField." ".$sortOrder; 
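Review bot: The new `$sortOrder` line has its closing parenthesis in the wrong place: `(isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc'` compares a boolean with `'asc'`, so any non-empty value, including `desc`, selects `asc`. The result is still one of two fixed strings, so this is a behaviour bug rather than an injection risk. `$sortOrder = ( isset($_POST['sortOrder']) and $_POST['sortOrder'] == 'asc' ) ? 'asc' : 'desc';` does what was intended, and the identical line in the first hunk of this file needs the same change. The export default also moves from `asc` to `desc` when nothing is posted, which may not be intended.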
@@ -216,7 +244,7 @@ switch ( $_REQUEST['task'] ) foreach ( dbFetchAll( $sql, NULL, $values ) as $log ) { $log['DateTime'] = preg_replace( '/^\d+/', strftime( "%Y-%m-%d %H:%M:%S", intval($log['TimeKey']) ), $log['TimeKey'] ); - $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; + $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; $logs[] = $log; } switch( $format ) @@ -234,20 +262,20 @@ switch ( $_REQUEST['task'] ) } case 'tsv' : { - # This line doesn't need fprintf, it could use fwrite +# This line doesn't need fprintf, it could use fwrite fprintf( $exportFP, join( "\t", - translate('DateTime'), - translate('Component'), - translate('Server'), - translate('Pid'), - translate('Level'), - translate('Message'), - translate('File'), - translate('Line') - )."\n" ); + translate('DateTime'), + translate('Component'), + translate('Server'), + translate('Pid'), + translate('Level'), + translate('Message'), + translate('File'), + translate('Line') + )."\n" ); foreach ( $logs as $log ) { - fprintf( $exportFP, "%s\t%s\t%s\t%d\t%s\t%s\t%s\t%s\n", $log['DateTime'], $log['Component'], $log['Server'], $log['Pid'], $log['Code'], $log['Message'], $log['File'], $log['Line'] ); + fprintf( $exportFP, "%s\t%s\t%s\t%d\t%s\t%s\t%s\t%s\n", $log['DateTime'], $log['Component'], $log['Server'], $log['Pid'], $log['Code'], $log['Message'], $log['File'], $log['Line'] ); } break; } diff --git a/web/api/app/Config/core.php.default b/web/api/app/Config/core.php.default index 43736a61f..a210fbd79 100644 --- a/web/api/app/Config/core.php.default +++ b/web/api/app/Config/core.php.default 
@@ -31,7 +31,7 @@ * In production mode, flash messages redirect after a time interval. * In development mode, you need to click the flash message to continue. */ - Configure::write('debug', 2); + Configure::write('debug', 0); /** * Configure the Error handler used to handle errors for your application. By default diff --git a/web/includes/Event.php b/web/includes/Event.php index e9ecd4bae..11a8f4faa 100644 --- a/web/includes/Event.php +++ b/web/includes/Event.php @@ -196,7 +196,7 @@ class Event { } // end function createListThumbnail function getImageSrc( $frame, $scale=SCALE_BASE, $captureOnly=false, $overwrite=false ) { - $Storage = new Storage( $this->{'StorageId'} ); + $Storage = new Storage( isset($this->{'StorageId'}) ? $this->{'StorageId'} : NULL ); $Event = $this; $eventPath = $Event->Path(); diff --git a/web/includes/Frame.php b/web/includes/Frame.php index 661654d24..d31ddf162 100644 --- a/web/includes/Frame.php +++ b/web/includes/Frame.php @@ -6,7 +6,7 @@ class Frame { public function __construct( $IdOrRow ) { $row = NULL; if ( $IdOrRow ) { - if ( is_integer( $IdOrRow ) or is_numeric( $IdOrRow ) ) { + if ( is_integer( $IdOrRow ) or ctype_digit($IdOrRow) ) { $row = dbFetchOne( 'SELECT * FROM Frames WHERE Id=?', NULL, array( $IdOrRow ) ); if ( ! $row ) { Error("Unable to load Frame record for Id=" . $IdOrRow ); @@ -84,7 +84,15 @@ class Frame { $values = array_values( $parameters ); } if ( $limit ) { - $sql .= ' LIMIT ' . $limit; + if ( is_integer( $limit ) or ctype_digit( $limit ) ) { + $sql .= ' LIMIT ' . $limit; + } else { + $backTrace = debug_backtrace(); + $file = $backTrace[1]['file']; + $line = $backTrace[1]['line']; + Error("Invalid value for limit($limit) passed to Frame::find from $file:$line"); + return; + } } $results = dbFetchAll( $sql, NULL, $values ); if ( $results ) { diff --git a/web/includes/Server.php b/web/includes/Server.php index dfce67eb8..f303db0e5 100644 --- a/web/includes/Server.php +++ b/web/includes/Server.php 
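Review bot: In the new `else` branch of `Frame::find`, `$backTrace[1]` is one frame too deep: `debug_backtrace()` puts the file and line of the call to `find` in element 0, and element 1 does not exist when `find` is called from top-level script code. Using `$backTrace[0]['file']` and `$backTrace[0]['line']` reports the real call site and avoids an undefined-offset notice. The bare `return;` also hands callers NULL instead of a list, so callers that iterate the result need to cope with that; `find`'s signature and its callers are outside the hunk. The same two backtrace lines appear in the `Server.php` hunk.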
@@ -5,7 +5,7 @@ class Server { public function __construct( $IdOrRow = NULL ) { $row = NULL; if ( $IdOrRow ) { - if ( is_integer( $IdOrRow ) or is_numeric( $IdOrRow ) ) { + if ( is_integer( $IdOrRow ) or ctype_digit( $IdOrRow ) ) { $row = dbFetchOne( 'SELECT * FROM Servers WHERE Id=?', NULL, array( $IdOrRow ) ); if ( ! $row ) { Error("Unable to load Server record for Id=" . $IdOrRow ); @@ -63,9 +63,15 @@ class Server { ) ); $values = array_values( $parameters ); } - if ( $limit ) { - $sql .= ' LIMIT ' . $limit; - } + if ( is_integer( $limit ) or ctype_digit( $limit ) ) { + $sql .= ' LIMIT ' . $limit; + } else { + $backTrace = debug_backtrace(); + $file = $backTrace[1]['file']; + $line = $backTrace[1]['line']; + Error("Invalid value for limit($limit) passed to Server::find from $file:$line"); + return; + } $results = dbFetchAll( $sql, NULL, $values ); if ( $results ) { return array_map( function($id){ return new Server($id); }, $results ); diff --git a/web/includes/database.php b/web/includes/database.php index a23a2c8f1..9935e3ba6 100644 --- a/web/includes/database.php +++ b/web/includes/database.php @@ -44,6 +44,7 @@ function dbConnect() try { $dbConn = new PDO( ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS ); + $dbConn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); $dbConn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } catch(PDOException $ex ) { echo "Unable to connect to ZM db." . $ex->getMessage(); diff --git a/web/includes/functions.php b/web/includes/functions.php index 215dcb85e..f70f0671c 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -56,6 +56,7 @@ function userLogin( $username, $password="", $passwordHashed=false ) { if ( ZM_AUTH_TYPE == "builtin" ) { $_SESSION['passwordHash'] = $user['Password']; } + session_regenerate_id(); } else { Warning( "Login denied for user \"$username\"" ); $_SESSION['loginFailed'] = true; 
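Review bot: The `if ( $limit )` guard was dropped in `Server::find`, unlike the matching change in `Frame.php`, so a call that passes no limit now falls into the `else` branch, logs "Invalid value for limit" and returns nothing. `is_integer(NULL)` and `ctype_digit(NULL)` are both false, so this happens whenever `$limit` is empty; the function signature is outside the hunk, so I am assuming the limit is optional as it is in `Frame::find`. Keeping the outer `if ( $limit ) {` and placing the new `is_integer( $limit ) or ctype_digit( $limit )` test inside it preserves the validation without breaking unlimited queries.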
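Review bot: `session_regenerate_id()` is called without arguments after the login data has been written to `$_SESSION`, so the pre-login session id is not deleted and may stay usable until garbage collection removes it. For this to work as a session-fixation defence the old id has to stop working at login: `session_regenerate_id( true );`. The rest of `userLogin` is outside the hunk.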
@@ -1444,15 +1445,18 @@ function getLoad() { function getDiskPercent($path = ZM_DIR_EVENTS) { $total = disk_total_space($path); - if ( ! $total ) { - Error("disk_total_space returned false for " . $path ); + if ( $total === false ) { + Error("disk_total_space returned false. Verify the web account user has access to " . $path ); return 0; + } elseif ( $total == 0 ) { + Error("disk_total_space indicates the following path has a filesystem size of zero bytes" . $path ); + return 100; } $free = disk_free_space($path); - if ( ! $free ) { - Error("disk_free_space returned false for " . $path ); + if ( $free === false ) { + Error("disk_free_space returned false. Verify the web account user has access to " . $path ); } - $space = round(($total - $free) / $total * 100); + $space = round((($total - $free) / $total) * 100); return( $space ); } diff --git a/web/includes/logger.php b/web/includes/logger.php index 94c00a8d1..03854dbf9 100644 --- a/web/includes/logger.php +++ b/web/includes/logger.php @@ -528,7 +528,7 @@ function Error( $string ) function Fatal( $string ) { Logger::fetch()->logPrint( Logger::FATAL, $string ); - die( $string ); + die( htmlentities($string) ); } function Panic( $string ) diff --git a/web/index.php b/web/index.php index 56f7983ba..9ce84199e 100644 --- a/web/index.php +++ b/web/index.php @@ -112,6 +112,16 @@ if ( !file_exists( ZM_SKIN_PATH ) ) Fatal( "Invalid skin '$skin'" ); $skinBase[] = $skin; +$currentCookieParams = session_get_cookie_params(); +Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)'); +session_set_cookie_params( + $currentCookieParams["lifetime"], + $currentCookieParams["path"], + $currentCookieParams["domain"], + $currentCookieParams["secure"], + true +); + ini_set( "session.name", "ZMSESSID" ); session_start(); 
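Review bot: The `$free === false` branch in `getDiskPercent` logs the error but does not return, so the calculation below runs with `$free` as `false` and reports the disk as 100% full. Adding `return 0;` after that `Error()` call, as the `$total === false` branch already does, keeps the two failure paths consistent. The zero-size message also lacks a separator before the appended path, so the log entry runs "bytes" and the path together.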
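Review bot: `htmlentities($string)` in `Fatal()` relies on the default flags and charset, which depend on the PHP version and php.ini; with `ENT_COMPAT` single quotes are left unescaped. Passing them explicitly, `die( htmlentities( $string, ENT_QUOTES, 'UTF-8' ) );`, makes the output encoding the same on every install. `Panic()` starts on the last line of the hunk and its body is not shown; if it also prints `$string` to the page it needs the same encoding.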
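Review bot: Only `httponly` is forced in the new `session_set_cookie_params()` call; the `secure` flag is copied from the current ini value, so on an HTTPS deployment with a stock php.ini the session cookie can still travel over plain HTTP. If the code can tell it is being served over TLS, passing that instead of `$currentCookieParams["secure"]` would close the gap. Otherwise a comment such as `// secure flag is left to session.cookie_secure in php.ini` tells administrators where to set it.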
diff --git a/web/skins/classic/views/monitor.php b/web/skins/classic/views/monitor.php index b2619dabf..b566d73cb 100644 --- a/web/skins/classic/views/monitor.php +++ b/web/skins/classic/views/monitor.php @@ -772,7 +772,7 @@ switch ( $tab ) { ?> - + diff --git a/zmlinkcontent.sh.in b/zmlinkcontent.sh.in index 5f0d8336a..d6c791823 100755 --- a/zmlinkcontent.sh.in +++ b/zmlinkcontent.sh.in @@ -69,7 +69,7 @@ if [ -n "$ZM_CONFIG" ]; then elif [ -f "zm.conf" ]; then echo "Using local zm.conf" source "zm.conf" -elif [ -f "/etc/zm.conf"]; then +elif [ -f "/etc/zm.conf" ]; then echo "Using system zm.conf" source "/etc/zm.conf" else