From 0b3ba0a06d71be6338edc5d76bdc8de3be009bd0 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 6 Dec 2016 09:38:06 -0500 Subject: [PATCH 01/30] fix detection of LIBSWRESAMPLE --- zoneminder-config.cmake | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/zoneminder-config.cmake b/zoneminder-config.cmake index 6dd6fc48a..29d30e002 100644 --- a/zoneminder-config.cmake +++ b/zoneminder-config.cmake @@ -42,6 +42,12 @@ #cmakedefine HAVE_GNUTLS_GNUTLS_H 1 #cmakedefine HAVE_LIBMYSQLCLIENT 1 #cmakedefine HAVE_MYSQL_H 1 +#cmakedefine HAVE_LIBX264 1 +#cmakedefine HAVE_X264_H 1 +#cmakedefine HAVE_LIBMP4V2 1 +#cmakedefine HAVE_MP4V2_MP4V2_H 1 +#cmakedefine HAVE_MP4V2_H 1 +#cmakedefine HAVE_MP4_H 1 #cmakedefine HAVE_LIBAVFORMAT 1 #cmakedefine HAVE_LIBAVFORMAT_AVFORMAT_H 1 #cmakedefine HAVE_LIBAVCODEC 1 @@ -53,6 +59,8 @@ #cmakedefine HAVE_LIBAVUTIL_MATHEMATICS_H 1 #cmakedefine HAVE_LIBSWSCALE 1 #cmakedefine HAVE_LIBSWSCALE_SWSCALE_H 1 +#cmakedefine HAVE_LIBSWRESAMPLE 1 +#cmakedefine HAVE_LIBSWRESAMPLE_SWRESAMPLE_H 1 #cmakedefine HAVE_LIBVLC 1 #cmakedefine HAVE_VLC_VLC_H 1 From 587fd16aa6c02ca0105cc9d76eafcb3bea5a0c7e Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Dec 2016 13:31:44 -0500 Subject: [PATCH 02/30] Add testing for limit, sortField and all the filters to ensure that they are valid. --- web/ajax/log.php | 104 ++++++++++++++++++++++++++++++----------------- 1 file changed, 66 insertions(+), 38 deletions(-) diff --git a/web/ajax/log.php b/web/ajax/log.php index 66dcfc2b5..417bc8dbe 100644 --- a/web/ajax/log.php +++ b/web/ajax/log.php @@ -1,5 +1,9 @@ Id()] = $server; - } + $servers = Server::find_all(); + $servers_by_Id = array(); +# There is probably a better way to do this. + foreach ( $servers as $server ) { + $servers_by_Id[$server->Id()] = $server; + } $minTime = isset($_POST['minTime'])?$_POST['minTime']:NULL; $maxTime = isset($_POST['maxTime'])?$_POST['maxTime']:NULL; - $limit = isset($_POST['limit'])?$_POST['limit']:100; - $filter = isset($_POST['filter'])?$_POST['filter']:array(); - $sortField = isset($_POST['sortField'])?$_POST['sortField']:'TimeKey'; + $limit = 100; + if ( isset($_POST['limit']) ) { + if ( ! is_integer( $_POST['limit'] ) ) { + Error("Invalid value for limit " . ?$_POST['limit'] ); + } else { + $limit = $_POST['limit']; + } + } + $sortField = 'TimeKey'; + if ( isset($_POST['sortField']) ) { + if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) { + Error("Invalid sort field " . $_POST['sortField'] ); + } else { + $sortField = $_POST['sortField'] + } + } $sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc'; + $filter = isset($_POST['filter'])?$_POST['filter']:array(); - $filterFields = array( 'Component', 'ServerId', 'Pid', 'Level', 'File', 'Line' ); - - $total = dbFetchOne( "SELECT count(*) AS Total FROM Logs", 'Total' ); + $total = dbFetchOne( 'SELECT count(*) AS Total FROM Logs', 'Total' ); $sql = 'SELECT * FROM Logs'; $where = array(); - $values = array(); + $values = array(); if ( $minTime ) { - $where[] = "TimeKey > ?"; - $values[] = $minTime; - } elseif ( $maxTime ) { - $where[] = "TimeKey < ?"; - $values[] = $maxTime; - } + $where[] = "TimeKey > ?"; + $values[] = $minTime; + } elseif ( $maxTime ) { + $where[] = "TimeKey < ?"; + $values[] = $maxTime; + } + foreach ( $filter as $field=>$value ) { - if ( $field == 'Level' ){ - $where[] = $field." <= ?"; - $values[] = $value; - } else { - $where[] = $field." = ?"; - $values[] = $value; - } - } - if ( count($where) ) + if ( ! in_array( $field, $fileFields ) ) { + Error("$field is not in valid filter fields"); + continue; + } + if ( $field == 'Level' ){ + $where[] = $field." <= ?"; + $values[] = $value; + } else { + $where[] = $field." = ?"; + $values[] = $value; + } + } + if ( count($where) ) $sql.= ' WHERE '.join( ' AND ', $where ); $sql .= " order by ".$sortField." ".$sortOrder." limit ".$limit; $logs = array(); foreach ( dbFetchAll( $sql, NULL, $values ) as $log ) { $log['DateTime'] = preg_replace( '/^\d+/', strftime( "%Y-%m-%d %H:%M:%S", intval($log['TimeKey']) ), $log['TimeKey'] ); - $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; + $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; $logs[] = $log; } $options = array(); $where = array(); - $values = array(); + $values = array(); foreach( $filter as $field=>$value ) { if ( $field == 'Level' ) { $where[$field] = $field." <= ?"; - $values[$field] = $value; + $values[$field] = $value; } else { $where[$field] = $field." = ?"; - $values[$field] = $value; - } - } + $values[$field] = $value; + } + } foreach( $filterFields as $field ) { $sql = "SELECT DISTINCT $field FROM Logs WHERE NOT isnull($field)"; $fieldWhere = array_diff_key( $where, array( $field=>true ) ); - $fieldValues = array_diff_key( $values, array( $field=>true ) ); + $fieldValues = array_diff_key( $values, array( $field=>true ) ); if ( count($fieldWhere) ) $sql.= " AND ".join( ' AND ', $fieldWhere ); $sql.= " ORDER BY $field ASC"; @@ -147,8 +168,15 @@ switch ( $_REQUEST['task'] ) } //$limit = isset($_POST['limit'])?$_POST['limit']:1000; $filter = isset($_POST['filter'])?$_POST['filter']:array(); - $sortField = isset($_POST['sortField'])?$_POST['sortField']:'TimeKey'; - $sortOrder = isset($_POST['sortOrder'])?$_POST['sortOrder']:'asc'; + $sortField = 'TimeKey'; + if ( isset($_POST['sortField']) ) { + if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) { + Error("Invalid sort field " . $_POST['sortField'] ); + } else { + $sortField = $_POST['sortField'] + } + } + $sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc'; $servers = Server::find_all(); $servers_by_Id = array(); @@ -216,7 +244,7 @@ switch ( $_REQUEST['task'] ) foreach ( dbFetchAll( $sql, NULL, $values ) as $log ) { $log['DateTime'] = preg_replace( '/^\d+/', strftime( "%Y-%m-%d %H:%M:%S", intval($log['TimeKey']) ), $log['TimeKey'] ); - $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; + $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; $logs[] = $log; } switch( $format ) From e7d0861530c32d6d41f8ea0e3cb9e87130297a8c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Dec 2016 13:37:23 -0500 Subject: [PATCH 03/30] check limit for a valid integer and complain if not. --- web/includes/Frame.php | 12 ++++++++++-- web/includes/Server.php | 12 +++++++++--- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/web/includes/Frame.php b/web/includes/Frame.php index 661654d24..6e9f388fb 100644 --- a/web/includes/Frame.php +++ b/web/includes/Frame.php @@ -6,7 +6,7 @@ class Frame { public function __construct( $IdOrRow ) { $row = NULL; if ( $IdOrRow ) { - if ( is_integer( $IdOrRow ) or is_numeric( $IdOrRow ) ) { + if ( is_integer( $IdOrRow ) ) { $row = dbFetchOne( 'SELECT * FROM Frames WHERE Id=?', NULL, array( $IdOrRow ) ); if ( ! $row ) { Error("Unable to load Frame record for Id=" . $IdOrRow ); @@ -84,7 +84,15 @@ class Frame { $values = array_values( $parameters ); } if ( $limit ) { - $sql .= ' LIMIT ' . $limit; + if ( is_integer( $limit ) ) { + $sql .= ' LIMIT ' . $limit; + } else { + $backTrace = debug_backtrace(); + $file = $backTrace[1]['file']; + $line = $backTrace[1]['line']; + Error("Invalid value for limit($limit) passed to Frame::find from $file:$line"); + return; + } } $results = dbFetchAll( $sql, NULL, $values ); if ( $results ) { diff --git a/web/includes/Server.php b/web/includes/Server.php index dfce67eb8..3b3ede2bc 100644 --- a/web/includes/Server.php +++ b/web/includes/Server.php @@ -63,9 +63,15 @@ class Server { ) ); $values = array_values( $parameters ); } - if ( $limit ) { - $sql .= ' LIMIT ' . $limit; - } + if ( is_integer( $limit ) ) { + $sql .= ' LIMIT ' . $limit; + } else { + $backTrace = debug_backtrace(); + $file = $backTrace[1]['file']; + $line = $backTrace[1]['line']; + Error("Invalid value for limit($limit) passed to Server::find from $file:$line"); + return; + } $results = dbFetchAll( $sql, NULL, $values ); if ( $results ) { return array_map( function($id){ return new Server($id); }, $results ); From c8009baf3ffab21b94fcc1d87e67f6a3548271bf Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Dec 2016 15:46:42 -0500 Subject: [PATCH 04/30] fix missing ; and test for integer string in limit --- web/ajax/log.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web/ajax/log.php b/web/ajax/log.php index 417bc8dbe..0ade76118 100644 --- a/web/ajax/log.php +++ b/web/ajax/log.php @@ -46,7 +46,7 @@ switch ( $_REQUEST['task'] ) $maxTime = isset($_POST['maxTime'])?$_POST['maxTime']:NULL; $limit = 100; if ( isset($_POST['limit']) ) { - if ( ! is_integer( $_POST['limit'] ) ) { + if ( ( !is_integer( $_POST['limit'] ) and !ctype_digit($_POST['limit']) ) ) { Error("Invalid value for limit " . ?$_POST['limit'] ); } else { $limit = $_POST['limit']; @@ -57,7 +57,7 @@ switch ( $_REQUEST['task'] ) if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) { Error("Invalid sort field " . $_POST['sortField'] ); } else { - $sortField = $_POST['sortField'] + $sortField = $_POST['sortField']; } } $sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc'; @@ -173,7 +173,7 @@ switch ( $_REQUEST['task'] ) if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) { Error("Invalid sort field " . $_POST['sortField'] ); } else { - $sortField = $_POST['sortField'] + $sortField = $_POST['sortField']; } } $sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc'; From 7c84e2417d7506baa32d1e1951544df44db6000a Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Dec 2016 15:53:38 -0500 Subject: [PATCH 05/30] remove extra ? --- web/ajax/log.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/ajax/log.php b/web/ajax/log.php index 0ade76118..e4b1186d0 100644 --- a/web/ajax/log.php +++ b/web/ajax/log.php @@ -47,7 +47,7 @@ switch ( $_REQUEST['task'] ) $limit = 100; if ( isset($_POST['limit']) ) { if ( ( !is_integer( $_POST['limit'] ) and !ctype_digit($_POST['limit']) ) ) { - Error("Invalid value for limit " . ?$_POST['limit'] ); + Error("Invalid value for limit " . $_POST['limit'] ); } else { $limit = $_POST['limit']; } From b5e4c94682c1d2614830ec33d7fb5080e91c2179 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Thu, 8 Dec 2016 15:58:00 -0500 Subject: [PATCH 06/30] test for integer string as well --- web/includes/Frame.php | 4 ++-- web/includes/Server.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/web/includes/Frame.php b/web/includes/Frame.php index 6e9f388fb..d31ddf162 100644 --- a/web/includes/Frame.php +++ b/web/includes/Frame.php @@ -6,7 +6,7 @@ class Frame { public function __construct( $IdOrRow ) { $row = NULL; if ( $IdOrRow ) { - if ( is_integer( $IdOrRow ) ) { + if ( is_integer( $IdOrRow ) or ctype_digit($IdOrRow) ) { $row = dbFetchOne( 'SELECT * FROM Frames WHERE Id=?', NULL, array( $IdOrRow ) ); if ( ! $row ) { Error("Unable to load Frame record for Id=" . $IdOrRow ); @@ -84,7 +84,7 @@ class Frame { $values = array_values( $parameters ); } if ( $limit ) { - if ( is_integer( $limit ) ) { + if ( is_integer( $limit ) or ctype_digit( $limit ) ) { $sql .= ' LIMIT ' . $limit; } else { $backTrace = debug_backtrace(); diff --git a/web/includes/Server.php b/web/includes/Server.php index 3b3ede2bc..f303db0e5 100644 --- a/web/includes/Server.php +++ b/web/includes/Server.php @@ -5,7 +5,7 @@ class Server { public function __construct( $IdOrRow = NULL ) { $row = NULL; if ( $IdOrRow ) { - if ( is_integer( $IdOrRow ) or is_numeric( $IdOrRow ) ) { + if ( is_integer( $IdOrRow ) or ctype_digit( $IdOrRow ) ) { $row = dbFetchOne( 'SELECT * FROM Servers WHERE Id=?', NULL, array( $IdOrRow ) ); if ( ! $row ) { Error("Unable to load Server record for Id=" . $IdOrRow ); @@ -63,7 +63,7 @@ class Server { ) ); $values = array_values( $parameters ); } - if ( is_integer( $limit ) ) { + if ( is_integer( $limit ) or ctype_digit( $limit ) ) { $sql .= ' LIMIT ' . $limit; } else { $backTrace = debug_backtrace(); From 69c39f8a23229da0a00acdef88b4e614ae28649f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 14 Dec 2016 14:39:44 -0500 Subject: [PATCH 07/30] set http_only flag in cookie settings --- web/index.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/web/index.php b/web/index.php index 4beaaa985..77094252d 100644 --- a/web/index.php +++ b/web/index.php @@ -112,6 +112,16 @@ if ( !file_exists( ZM_SKIN_PATH ) ) require_once( ZM_SKIN_PATH.'/includes/init.php' ); $skinBase[] = $skin; +$currentCookieParams = session_get_cookie_params(); +Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)'); +session_set_cookie_params( + $currentCookieParams["lifetime"], + $currentCookieParams["path"], + $currentCookieParams["domain"], + $currentCookieParams["secure"], + true +); + ini_set( "session.name", "ZMSESSID" ); session_start(); From 54f91d7c42d38fdfc59f1697c5c431b08b041599 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 14 Dec 2016 14:49:28 -0500 Subject: [PATCH 08/30] revert cmake code that got in from h264 --- zoneminder-config.cmake | 8 -------- 1 file changed, 8 deletions(-) diff --git a/zoneminder-config.cmake b/zoneminder-config.cmake index 29d30e002..6dd6fc48a 100644 --- a/zoneminder-config.cmake +++ b/zoneminder-config.cmake @@ -42,12 +42,6 @@ #cmakedefine HAVE_GNUTLS_GNUTLS_H 1 #cmakedefine HAVE_LIBMYSQLCLIENT 1 #cmakedefine HAVE_MYSQL_H 1 -#cmakedefine HAVE_LIBX264 1 -#cmakedefine HAVE_X264_H 1 -#cmakedefine HAVE_LIBMP4V2 1 -#cmakedefine HAVE_MP4V2_MP4V2_H 1 -#cmakedefine HAVE_MP4V2_H 1 -#cmakedefine HAVE_MP4_H 1 #cmakedefine HAVE_LIBAVFORMAT 1 #cmakedefine HAVE_LIBAVFORMAT_AVFORMAT_H 1 #cmakedefine HAVE_LIBAVCODEC 1 @@ -59,8 +53,6 @@ #cmakedefine HAVE_LIBAVUTIL_MATHEMATICS_H 1 #cmakedefine HAVE_LIBSWSCALE 1 #cmakedefine HAVE_LIBSWSCALE_SWSCALE_H 1 -#cmakedefine HAVE_LIBSWRESAMPLE 1 -#cmakedefine HAVE_LIBSWRESAMPLE_SWRESAMPLE_H 1 #cmakedefine HAVE_LIBVLC 1 #cmakedefine HAVE_VLC_VLC_H 1 From ad157cf21c1cd0f4f429159c229ed2a8ae63a336 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 14 Dec 2016 14:56:54 -0500 Subject: [PATCH 09/30] fix tabs --- web/ajax/log.php | 150 +++++++++++++++++++++++------------------------ 1 file changed, 75 insertions(+), 75 deletions(-) diff --git a/web/ajax/log.php b/web/ajax/log.php index e4b1186d0..b5699f0e2 100644 --- a/web/ajax/log.php +++ b/web/ajax/log.php @@ -35,85 +35,85 @@ switch ( $_REQUEST['task'] ) if ( !canView( 'System' ) ) ajaxError( 'Insufficient permissions to view log entries' ); - $servers = Server::find_all(); - $servers_by_Id = array(); + $servers = Server::find_all(); + $servers_by_Id = array(); # There is probably a better way to do this. - foreach ( $servers as $server ) { - $servers_by_Id[$server->Id()] = $server; - } + foreach ( $servers as $server ) { + $servers_by_Id[$server->Id()] = $server; + } $minTime = isset($_POST['minTime'])?$_POST['minTime']:NULL; $maxTime = isset($_POST['maxTime'])?$_POST['maxTime']:NULL; $limit = 100; - if ( isset($_POST['limit']) ) { - if ( ( !is_integer( $_POST['limit'] ) and !ctype_digit($_POST['limit']) ) ) { - Error("Invalid value for limit " . $_POST['limit'] ); - } else { - $limit = $_POST['limit']; - } - } + if ( isset($_POST['limit']) ) { + if ( ( !is_integer( $_POST['limit'] ) and !ctype_digit($_POST['limit']) ) ) { + Error("Invalid value for limit " . $_POST['limit'] ); + } else { + $limit = $_POST['limit']; + } + } $sortField = 'TimeKey'; - if ( isset($_POST['sortField']) ) { - if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) { - Error("Invalid sort field " . $_POST['sortField'] ); - } else { - $sortField = $_POST['sortField']; - } - } + if ( isset($_POST['sortField']) ) { + if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) { + Error("Invalid sort field " . $_POST['sortField'] ); + } else { + $sortField = $_POST['sortField']; + } + } $sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc'; $filter = isset($_POST['filter'])?$_POST['filter']:array(); $total = dbFetchOne( 'SELECT count(*) AS Total FROM Logs', 'Total' ); $sql = 'SELECT * FROM Logs'; $where = array(); - $values = array(); + $values = array(); if ( $minTime ) { - $where[] = "TimeKey > ?"; - $values[] = $minTime; - } elseif ( $maxTime ) { - $where[] = "TimeKey < ?"; - $values[] = $maxTime; - } + $where[] = "TimeKey > ?"; + $values[] = $minTime; + } elseif ( $maxTime ) { + $where[] = "TimeKey < ?"; + $values[] = $maxTime; + } foreach ( $filter as $field=>$value ) { - if ( ! in_array( $field, $fileFields ) ) { - Error("$field is not in valid filter fields"); - continue; - } - if ( $field == 'Level' ){ - $where[] = $field." <= ?"; - $values[] = $value; - } else { - $where[] = $field." = ?"; - $values[] = $value; - } - } - if ( count($where) ) - $sql.= ' WHERE '.join( ' AND ', $where ); + if ( ! in_array( $field, $fileFields ) ) { + Error("$field is not in valid filter fields"); + continue; + } + if ( $field == 'Level' ){ + $where[] = $field." <= ?"; + $values[] = $value; + } else { + $where[] = $field." = ?"; + $values[] = $value; + } + } + if ( count($where) ) + $sql.= ' WHERE '.join( ' AND ', $where ); $sql .= " order by ".$sortField." ".$sortOrder." limit ".$limit; $logs = array(); foreach ( dbFetchAll( $sql, NULL, $values ) as $log ) { $log['DateTime'] = preg_replace( '/^\d+/', strftime( "%Y-%m-%d %H:%M:%S", intval($log['TimeKey']) ), $log['TimeKey'] ); - $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; + $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; $logs[] = $log; } $options = array(); $where = array(); - $values = array(); + $values = array(); foreach( $filter as $field=>$value ) { if ( $field == 'Level' ) { $where[$field] = $field." <= ?"; - $values[$field] = $value; + $values[$field] = $value; } else { $where[$field] = $field." = ?"; - $values[$field] = $value; - } - } + $values[$field] = $value; + } + } foreach( $filterFields as $field ) { $sql = "SELECT DISTINCT $field FROM Logs WHERE NOT isnull($field)"; $fieldWhere = array_diff_key( $where, array( $field=>true ) ); - $fieldValues = array_diff_key( $values, array( $field=>true ) ); + $fieldValues = array_diff_key( $values, array( $field=>true ) ); if ( count($fieldWhere) ) $sql.= " AND ".join( ' AND ', $fieldWhere ); $sql.= " ORDER BY $field ASC"; @@ -129,7 +129,7 @@ switch ( $_REQUEST['task'] ) { foreach( dbFetchAll( $sql, $field, array_values($fieldValues) ) as $value ) $options['ServerId'][$value] = ( $value and isset($servers_by_Id[$value]) ) ? $servers_by_Id[$value]->Name() : ''; - + } else { @@ -169,7 +169,7 @@ switch ( $_REQUEST['task'] ) //$limit = isset($_POST['limit'])?$_POST['limit']:1000; $filter = isset($_POST['filter'])?$_POST['filter']:array(); $sortField = 'TimeKey'; - if ( isset($_POST['sortField']) ) { + if ( isset($_POST['sortField']) ) { if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) { Error("Invalid sort field " . $_POST['sortField'] ); } else { @@ -178,41 +178,41 @@ switch ( $_REQUEST['task'] ) } $sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc'; - $servers = Server::find_all(); - $servers_by_Id = array(); - # There is probably a better way to do this. - foreach ( $servers as $server ) { - $servers_by_Id[$server->Id()] = $server; - } + $servers = Server::find_all(); + $servers_by_Id = array(); + # There is probably a better way to do this. + foreach ( $servers as $server ) { + $servers_by_Id[$server->Id()] = $server; + } $sql = "select * from Logs"; $where = array(); - $values = array(); + $values = array(); if ( $minTime ) { preg_match( '/(.+)(\.\d+)/', $minTime, $matches ); $minTime = strtotime($matches[1]).$matches[2]; $where[] = "TimeKey >= ?"; - $values[] = $minTime; + $values[] = $minTime; } if ( $maxTime ) { preg_match( '/(.+)(\.\d+)/', $maxTime, $matches ); $maxTime = strtotime($matches[1]).$matches[2]; $where[] = "TimeKey <= ?"; - $values[] = $maxTime; + $values[] = $maxTime; } foreach ( $filter as $field=>$value ) { if ( $value != '' ) { if ( $field == 'Level' ) { $where[] = $field." <= ?"; - $values[] = $value; + $values[] = $value; } else { $where[] = $field." = ?'"; - $values[] = $value; - } - } - } + $values[] = $value; + } + } + } if ( count($where) ) $sql.= " where ".join( " and ", $where ); $sql .= " order by ".$sortField." ".$sortOrder; @@ -244,7 +244,7 @@ switch ( $_REQUEST['task'] ) foreach ( dbFetchAll( $sql, NULL, $values ) as $log ) { $log['DateTime'] = preg_replace( '/^\d+/', strftime( "%Y-%m-%d %H:%M:%S", intval($log['TimeKey']) ), $log['TimeKey'] ); - $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; + $log['Server'] = ( $log['ServerId'] and isset($servers_by_Id[$log['ServerId']]) ) ? $servers_by_Id[$log['ServerId']]->Name() : ''; $logs[] = $log; } switch( $format ) @@ -262,20 +262,20 @@ switch ( $_REQUEST['task'] ) } case 'tsv' : { - # This line doesn't need fprintf, it could use fwrite +# This line doesn't need fprintf, it could use fwrite fprintf( $exportFP, join( "\t", - translate('DateTime'), - translate('Component'), - translate('Server'), - translate('Pid'), - translate('Level'), - translate('Message'), - translate('File'), - translate('Line') - )."\n" ); + translate('DateTime'), + translate('Component'), + translate('Server'), + translate('Pid'), + translate('Level'), + translate('Message'), + translate('File'), + translate('Line') + )."\n" ); foreach ( $logs as $log ) { - fprintf( $exportFP, "%s\t%s\t%s\t%d\t%s\t%s\t%s\t%s\n", $log['DateTime'], $log['Component'], $log['Server'], $log['Pid'], $log['Code'], $log['Message'], $log['File'], $log['Line'] ); + fprintf( $exportFP, "%s\t%s\t%s\t%d\t%s\t%s\t%s\t%s\n", $log['DateTime'], $log['Component'], $log['Server'], $log['Pid'], $log['Code'], $log['Message'], $log['File'], $log['Line'] ); } break; } From 794043cbe9a99feebe95a8a2a187af0c40b36e87 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 14 Dec 2016 15:06:18 -0500 Subject: [PATCH 10/30] On successful login, tell php to regenerate the session id --- web/includes/functions.php | 1 + 1 file changed, 1 insertion(+) diff --git a/web/includes/functions.php b/web/includes/functions.php index 1344f03fa..55cd55b14 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -56,6 +56,7 @@ function userLogin( $username, $password="", $passwordHashed=false ) { if ( ZM_AUTH_TYPE == "builtin" ) { $_SESSION['passwordHash'] = $user['Password']; } + session_regenerate_id(); } else { Warning( "Login denied for user \"$username\"" ); $_SESSION['loginFailed'] = true; From 41dab0750e4dddd85920112be3f600150f3376b2 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 27 Jan 2017 21:30:22 -0500 Subject: [PATCH 11/30] turn whatever gets output into html escaped html so that nothing gets revealed --- web/includes/logger.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/logger.php b/web/includes/logger.php index 94c00a8d1..03854dbf9 100644 --- a/web/includes/logger.php +++ b/web/includes/logger.php @@ -528,7 +528,7 @@ function Error( $string ) function Fatal( $string ) { Logger::fetch()->logPrint( Logger::FATAL, $string ); - die( $string ); + die( htmlentities($string) ); } function Panic( $string ) From 9135da92ed39fded6bc9420ca7e10a201b46b5d4 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 31 Jan 2017 21:33:43 -0500 Subject: [PATCH 12/30] fix typo fileFields => filterFields --- web/ajax/log.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/ajax/log.php b/web/ajax/log.php index b5699f0e2..c38a6d5d0 100644 --- a/web/ajax/log.php +++ b/web/ajax/log.php @@ -76,7 +76,7 @@ switch ( $_REQUEST['task'] ) } foreach ( $filter as $field=>$value ) { - if ( ! in_array( $field, $fileFields ) ) { + if ( ! in_array( $field, $filterFields ) ) { Error("$field is not in valid filter fields"); continue; } From 6b3a53ec0ff9a0b1274cbc0072a74ac605f34b7b Mon Sep 17 00:00:00 2001 From: Kyle Johnson Date: Sat, 4 Feb 2017 14:59:33 -0700 Subject: [PATCH 13/30] Tell PDO to use real prepared statements. This makes sure the statement and the values aren't parsed by PHP before sending it to the MySQL server. See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php and https://secure.php.net/manual/en/pdo.setattribute.php --- web/includes/database.php | 1 + 1 file changed, 1 insertion(+) diff --git a/web/includes/database.php b/web/includes/database.php index a23a2c8f1..9935e3ba6 100644 --- a/web/includes/database.php +++ b/web/includes/database.php @@ -44,6 +44,7 @@ function dbConnect() try { $dbConn = new PDO( ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS ); + $dbConn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); $dbConn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } catch(PDOException $ex ) { echo "Unable to connect to ZM db." . $ex->getMessage(); From 9c8c87f59113b62d8d73758537092dde7a9dcfce Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Wed, 8 Feb 2017 20:12:54 -0600 Subject: [PATCH 14/30] rpm specfile - require php-mysqli, bump to 1.30.2 --- distros/redhat/zoneminder.spec | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/distros/redhat/zoneminder.spec b/distros/redhat/zoneminder.spec index 210690e6f..18c129181 100644 --- a/distros/redhat/zoneminder.spec +++ b/distros/redhat/zoneminder.spec @@ -24,19 +24,12 @@ %global with_init_sysv 1 %endif -# php-mysql deprecated in f25 -%if 0%{?fedora} >= 25 -%global with_php_mysqlnd 1 -%else -%global with_php_mysql 1 -%endif - %global readme_suffix %{?rhel:Redhat%{?rhel}}%{!?rhel:Fedora} %global _hardened_build 1 Name: zoneminder -Version: 1.30.1 -Release: 2%{?dist} +Version: 1.30.2 +Release: 1%{?dist} Summary: A camera monitoring and analysis tool Group: System Environment/Daemons # jscalendar is LGPL (any version): http://www.dynarch.com/projects/calendar/ @@ -90,8 +83,7 @@ BuildRequires: polkit-devel %{?with_nginx:Requires: php-fpm} %{!?with_nginx:Requires: httpd php} %{!?with_nginx:Requires: php} -%{?with_php_mysqlnd:Requires: php-mysqlnd} -%{?with_php_mysql:Requires: php-mysql} +Requires: php-mysqli Requires: php-common Requires: php-gd Requires: cambozola @@ -344,6 +336,9 @@ rm -rf %{_docdir}/%{name}-%{version} %dir %attr(755,%{zmuid_final},%{zmgid_final}) %ghost %{_localstatedir}/run/zoneminder %changelog +* Wed Feb 08 2017 Andrew Bauer - 1.30.2-1 +- Bump version for 1.30.2 release + * Wed Dec 28 2016 Andrew Bauer - 1.30.1-2 - Changes from rpmfusion #4393 From bd4aea0385f28299b2ae1ff475cb27394ec9aa20 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Wed, 8 Feb 2017 20:21:23 -0600 Subject: [PATCH 15/30] rpm specfile - php requires was listed twice --- distros/redhat/zoneminder.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/distros/redhat/zoneminder.spec b/distros/redhat/zoneminder.spec index 18c129181..53187fd94 100644 --- a/distros/redhat/zoneminder.spec +++ b/distros/redhat/zoneminder.spec @@ -81,7 +81,7 @@ BuildRequires: polkit-devel %{?with_nginx:Requires: nginx} %{?with_nginx:Requires: fcgiwrap} %{?with_nginx:Requires: php-fpm} -%{!?with_nginx:Requires: httpd php} +%{!?with_nginx:Requires: httpd} %{!?with_nginx:Requires: php} Requires: php-mysqli Requires: php-common From 91dd2105d2736d51917414d45512f2d694107513 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Wed, 8 Feb 2017 20:44:00 -0600 Subject: [PATCH 16/30] rpmspecfile - use %{_sysconfdir} macro --- distros/redhat/zoneminder.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/distros/redhat/zoneminder.spec b/distros/redhat/zoneminder.spec index 53187fd94..f562b1159 100644 --- a/distros/redhat/zoneminder.spec +++ b/distros/redhat/zoneminder.spec @@ -6,9 +6,9 @@ %if "%{zmuid_final}" == "nginx" %global with_nginx 1 -%global wwwconfdir /etc/nginx/default.d +%global wwwconfdir %{_sysconfdir}/nginx/default.d %else -%global wwwconfdir /etc/httpd/conf.d +%global wwwconfdir %{_sysconfdir}/httpd/conf.d %endif %global sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt @@ -274,9 +274,9 @@ rm -rf %{_docdir}/%{name}-%{version} %files %license COPYING %doc AUTHORS README.md distros/redhat/readme/README.%{readme_suffix} distros/redhat/readme/README.https distros/redhat/jscalendar-doc -%config(noreplace) %attr(640,root,%{zmgid_final}) /etc/zm/zm.conf +%config(noreplace) %attr(640,root,%{zmgid_final}) %{_sysconfdir}/zm/zm.conf %config(noreplace) %attr(644,root,root) %{wwwconfdir}/zoneminder.conf -%config(noreplace) /etc/logrotate.d/zoneminder +%config(noreplace) %{_sysconfdir}/logrotate.d/zoneminder %if 0%{?with_nginx} %config(noreplace) %{_sysconfdir}/php-fpm.d/zoneminder.conf From e68094156887a924f0f864c8abb3f7c5dfa36492 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Fri, 10 Feb 2017 08:30:13 -0600 Subject: [PATCH 17/30] add motion zone preset disclaimer --- docs/userguide/definezone.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/userguide/definezone.rst b/docs/userguide/definezone.rst index 24a6bb8b3..cf33f44c9 100644 --- a/docs/userguide/definezone.rst +++ b/docs/userguide/definezone.rst @@ -40,6 +40,8 @@ Type Preset The preset chooser sets sensible default values based on computational needs (fast v. best) and sensitivity (low, medium, high.) It is not required that you select a preset, and you can alter any of the parameters after choosing a preset. For a small number of monitors with ZoneMinder running on modern equipment, Best, high sensitivity can be chosen as a good starting point. + It is important to understand that the available presets are intended merely as a starting point. Since every camera's view is unique, they are not guaranteed to work properly in every case. Presets tend to work acceptably for indoor cameras, where the objects of interest are relatively close and there typically are few or no unwanted objects moving within the cameras view. Presets, on the other hand, tend to not work acceptably for outdoor cameras, where the field of view is typically much wider, objects of interest are farther away, and changing weather patterns can cause false triggers. For outdoor cameras in particular, you will almost certainly have to tune your motion detection zone to get desired results. Please refer to `this guide `__ to learn how to do this. + Units * Pixels - Selecting this option will allow many of the following values to be entered (or viewed) in units of pixels. * Percentage - Selecting this option will allow may of the following values to be entered (or viewed) as a percentage. The sense of the percentage values refers to the area of the zone and not the image as a whole. This makes trying to work out necessary sizes rather easier. From d5bb6f3210881f9b3a53e50836a2509c1bd6d590 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Sat, 11 Feb 2017 09:57:36 -0500 Subject: [PATCH 18/30] remove line that causes endless reading when doing single image mode --- src/zm_remote_camera_http.cpp | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/zm_remote_camera_http.cpp b/src/zm_remote_camera_http.cpp index 91476cd41..b247308cd 100644 --- a/src/zm_remote_camera_http.cpp +++ b/src/zm_remote_camera_http.cpp @@ -192,8 +192,6 @@ int RemoteCameraHttp::ReadData( Buffer &buffer, int bytes_expected ) if ( total_bytes_to_read == 0 ) { - if( mode == SINGLE_IMAGE ) - return( 0 ); // If socket is closed locally, then select will fail, but if it is closed remotely // then we have an exception on our socket.. but no data. Debug( 3, "Socket closed remotely" ); From bf99d132c720012185fc0d3e806cb39133b8e6d9 Mon Sep 17 00:00:00 2001 From: Steve Gilvarry Date: Mon, 13 Feb 2017 22:15:10 +1100 Subject: [PATCH 19/30] Add the missing F back in. --- distros/ubuntu1504_cmake_split_packages/apache.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/distros/ubuntu1504_cmake_split_packages/apache.conf b/distros/ubuntu1504_cmake_split_packages/apache.conf index 292581e78..59efc6248 100644 --- a/distros/ubuntu1504_cmake_split_packages/apache.conf +++ b/distros/ubuntu1504_cmake_split_packages/apache.conf @@ -8,7 +8,7 @@ ScriptAlias /zm/cgi-bin "/usr/lib/zoneminder/cgi-bin" Alias /zm /usr/share/zoneminder/www - Options -Indexes +ollowSymLinks + Options -Indexes +FollowSymLinks DirectoryIndex index.php From c3da373b1b1c00a89ddecc5d17c0c57478c23072 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C3=ABl=20Arnauts?= Date: Tue, 14 Feb 2017 10:50:46 +0100 Subject: [PATCH 20/30] Disable SSH --- Dockerfile | 16 +++------------- utils/docker/start.sh | 3 --- 2 files changed, 3 insertions(+), 16 deletions(-) diff --git a/Dockerfile b/Dockerfile index 837a6d4ce..2c72f0f38 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ RUN apt-get update && \ libdbi-perl libarchive-zip-perl libdate-manip-perl libdevice-serialport-perl libmime-perl libpcre3 \ libwww-perl libdbd-mysql-perl libsys-mmap-perl yasm cmake libjpeg-turbo8-dev \ libjpeg-turbo8 libtheora-dev libvorbis-dev libvpx-dev libx264-dev libmp4v2-dev libav-tools mysql-client \ - apache2 php5 php5-mysql apache2-mpm-prefork libapache2-mod-php5 php5-cli openssh-server \ + apache2 php5 php5-mysql apache2-mpm-prefork libapache2-mod-php5 php5-cli \ mysql-server libvlc-dev libvlc5 libvlccore-dev libvlccore7 vlc-data libcurl4-openssl-dev \ libavformat-dev libswscale-dev libavutil-dev libavcodec-dev libavfilter-dev \ libavresample-dev libavdevice-dev libpostproc-dev libv4l-dev libtool libnetpbm10-dev \ @@ -42,22 +42,12 @@ ADD utils/docker/start.sh /tmp/start.sh # give files in /usr/local/share/zoneminder/ RUN chown -R www-data:www-data /usr/local/share/zoneminder/ -# Creating SSH privilege escalation dir -RUN mkdir /var/run/sshd - # Adding apache virtual hosts file ADD utils/docker/apache-vhost /etc/apache2/sites-available/000-default.conf ADD utils/docker/phpdate.ini /etc/php5/apache2/conf.d/25-phpdate.ini -# Set the root passwd -RUN echo 'root:root' | chpasswd - -# Add a user we can actually login with -RUN useradd -m -s /bin/bash -G sudo zoneminder -RUN echo 'zoneminder:zoneminder' | chpasswd - -# Expose ssh and http ports -EXPOSE 22 80 +# Expose http ports +EXPOSE 80 # Initial database and apache setup: RUN "/ZoneMinder/utils/docker/setup.sh" diff --git a/utils/docker/start.sh b/utils/docker/start.sh index ff3d6c705..29cb2f567 100755 --- a/utils/docker/start.sh +++ b/utils/docker/start.sh @@ -36,9 +36,6 @@ service apache2 restart # Start ZoneMinder /usr/local/bin/zmpkg.pl start -# Start SSHD -/usr/sbin/sshd - while : do sleep 3600 From f0b2910647f50ed503e5596f09c5f6327fbbbeb2 Mon Sep 17 00:00:00 2001 From: Manojav Sridhar Date: Wed, 15 Feb 2017 08:10:50 -0500 Subject: [PATCH 21/30] fix typo for correct checking if a command has excuted for an event, prevents execution on every filter run --- scripts/zmfilter.pl.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/zmfilter.pl.in b/scripts/zmfilter.pl.in index e51993bec..e1aafaac2 100644 --- a/scripts/zmfilter.pl.in +++ b/scripts/zmfilter.pl.in @@ -307,7 +307,7 @@ $dbh->ping(); } if ( $filter->{AutoExecute} ) { - if ( !$event->{Execute} ) + if ( !$event->{Executed} ) { $delete_ok = undef if ( !executeCommand( $filter, $event ) ); } From 4809a5d7de4fb03eb29ed79db3fae7a31b32603f Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Thu, 16 Feb 2017 15:59:43 -0600 Subject: [PATCH 22/30] patch packpack to remove "bebian" from the tarball filename --- utils/packpack/deb.mk.patch | 11 +++++++++++ utils/packpack/startpackpack.sh | 3 +++ 2 files changed, 14 insertions(+) create mode 100644 utils/packpack/deb.mk.patch diff --git a/utils/packpack/deb.mk.patch b/utils/packpack/deb.mk.patch new file mode 100644 index 000000000..0cf0100f2 --- /dev/null +++ b/utils/packpack/deb.mk.patch @@ -0,0 +1,11 @@ +--- a/packpack/pack/deb.mk 2017-01-15 16:41:32.938418279 -0600 ++++ b/packpack/pack/deb.mk 2017-02-16 15:44:43.267900717 -0600 +@@ -14,7 +14,7 @@ + DPKG_BUILD:=$(PRODUCT)_$(DEB_VERSION)-$(RELEASE)_$(DPKG_ARCH).build + DPKG_DSC:=$(PRODUCT)_$(DEB_VERSION)-$(RELEASE).dsc + DPKG_ORIG_TARBALL:=$(PRODUCT)_$(DEB_VERSION).orig.tar.$(TARBALL_COMPRESSOR) +-DPKG_DEBIAN_TARBALL:=$(PRODUCT)_$(DEB_VERSION)-$(RELEASE).debian.tar.$(TARBALL_COMPRESSOR) ++DPKG_DEBIAN_TARBALL:=$(PRODUCT)_$(DEB_VERSION)-$(RELEASE).tar.$(TARBALL_COMPRESSOR) + + # gh-7: Ubuntu/Debian should export DEBIAN_FRONTEND=noninteractive + export DEBIAN_FRONTEND=noninteractive diff --git a/utils/packpack/startpackpack.sh b/utils/packpack/startpackpack.sh index e3933a9b6..0956c99a8 100755 --- a/utils/packpack/startpackpack.sh +++ b/utils/packpack/startpackpack.sh @@ -80,6 +80,9 @@ if [ "${OS}" == "el" ] || [ "${OS}" == "fedora" ]; then elif [ "${OS}" == "debian" ] || [ "${OS}" == "ubuntu" ]; then echo "Begin Debian build..." + # patch packpack to remove "debian" from the source tarball filename + patch -p1 < utils/packpack/deb.mk.patch + # Uncompress the Crud tarball and move it into place if [ -e "web/api/app/Plugin/Crud/LICENSE.txt" ]; then echo "Crud plugin already installed..." From dc76a876a12a8e0425c71a79cb092ee3444efa61 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Fri, 17 Feb 2017 07:07:17 -0600 Subject: [PATCH 23/30] packpack rpm specfile - ensure Crud submodule folder is empty --- utils/packpack/startpackpack.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/utils/packpack/startpackpack.sh b/utils/packpack/startpackpack.sh index 0956c99a8..fc0bbb586 100755 --- a/utils/packpack/startpackpack.sh +++ b/utils/packpack/startpackpack.sh @@ -52,6 +52,12 @@ if [ "${OS}" == "el" ] || [ "${OS}" == "fedora" ]; then #patch -p1 < utils/packpack/autosetup.patch ln -sf distros/redhat rpm + # The rpm specfile requires the Crud submodule folder to be empty + if [ -e "web/api/app/Plugin/Crud/LICENSE.txt" ]; then + rm -rf web/api/app/Plugin/Crud + mkdir web/api/app/Plugin/Crud + fi + if [ "${OS}" == "el" ]; then zmrepodistro=${OS} else From 11b90e60111971d864afaa5e9907219d9584eefa Mon Sep 17 00:00:00 2001 From: Manojav Sridhar Date: Fri, 17 Feb 2017 12:37:58 -0500 Subject: [PATCH 24/30] fix usage of wrong key --- web/skins/classic/views/monitor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/skins/classic/views/monitor.php b/web/skins/classic/views/monitor.php index 5ef870a63..45dd6f775 100644 --- a/web/skins/classic/views/monitor.php +++ b/web/skins/classic/views/monitor.php @@ -744,7 +744,7 @@ switch ( $tab ) { ?> - + From 33e8afa0e09c182b602d6588329eb7c2f01b2189 Mon Sep 17 00:00:00 2001 From: Andrew Bauer Date: Fri, 17 Feb 2017 13:25:17 -0600 Subject: [PATCH 25/30] only patch packpack if it is not already patched --- utils/packpack/startpackpack.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/utils/packpack/startpackpack.sh b/utils/packpack/startpackpack.sh index fc0bbb586..117f1c1a9 100755 --- a/utils/packpack/startpackpack.sh +++ b/utils/packpack/startpackpack.sh @@ -87,7 +87,10 @@ elif [ "${OS}" == "debian" ] || [ "${OS}" == "ubuntu" ]; then echo "Begin Debian build..." # patch packpack to remove "debian" from the source tarball filename - patch -p1 < utils/packpack/deb.mk.patch + patch --dry-run --silent -f -p1 < utils/packpack/deb.mk.patch 2>/dev/null + if [ $? -eq 0 ]; then + patch -p1 < utils/packpack/deb.mk.patch + fi # Uncompress the Crud tarball and move it into place if [ -e "web/api/app/Plugin/Crud/LICENSE.txt" ]; then From f50c0e2096917f9c73f1adc08f55f4b1bdd3e4bd Mon Sep 17 00:00:00 2001 From: Manojav Sridhar Date: Sat, 18 Feb 2017 11:15:43 -0500 Subject: [PATCH 26/30] fix missing isset check, caused number of Undefined Property warnings --- web/includes/Event.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/Event.php b/web/includes/Event.php index e9ecd4bae..11a8f4faa 100644 --- a/web/includes/Event.php +++ b/web/includes/Event.php @@ -196,7 +196,7 @@ class Event { } // end function createListThumbnail function getImageSrc( $frame, $scale=SCALE_BASE, $captureOnly=false, $overwrite=false ) { - $Storage = new Storage( $this->{'StorageId'} ); + $Storage = new Storage( isset($this->{'StorageId'}) ? $this->{'StorageId'} : NULL ); $Event = $this; $eventPath = $Event->Path(); From df4739826b36e99a2349c496e09441bd104fdc5a Mon Sep 17 00:00:00 2001 From: Matthew Noorenberghe Date: Sat, 18 Feb 2017 22:52:56 -0800 Subject: [PATCH 27/30] Reduce the default API debug level --- web/api/app/Config/core.php.default | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/api/app/Config/core.php.default b/web/api/app/Config/core.php.default index 43736a61f..a210fbd79 100644 --- a/web/api/app/Config/core.php.default +++ b/web/api/app/Config/core.php.default @@ -31,7 +31,7 @@ * In production mode, flash messages redirect after a time interval. * In development mode, you need to click the flash message to continue. */ - Configure::write('debug', 2); + Configure::write('debug', 0); /** * Configure the Error handler used to handle errors for your application. By default From 548464c0d58676225dc15f0604df7df1961abb83 Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Mon, 20 Feb 2017 11:12:15 +0200 Subject: [PATCH 28/30] zmlinkcontent: fix syntax error --- zmlinkcontent.sh.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/zmlinkcontent.sh.in b/zmlinkcontent.sh.in index 5f0d8336a..d6c791823 100755 --- a/zmlinkcontent.sh.in +++ b/zmlinkcontent.sh.in @@ -69,7 +69,7 @@ if [ -n "$ZM_CONFIG" ]; then elif [ -f "zm.conf" ]; then echo "Using local zm.conf" source "zm.conf" -elif [ -f "/etc/zm.conf"]; then +elif [ -f "/etc/zm.conf" ]; then echo "Using system zm.conf" source "/etc/zm.conf" else From 27ca8d86742199683e85e77bccba68671782b13a Mon Sep 17 00:00:00 2001 From: Andy Bauer Date: Tue, 21 Feb 2017 12:33:05 -0600 Subject: [PATCH 29/30] use === operator in getDiskPercent function --- web/includes/functions.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 970a5a822..8e3f910cb 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -1434,12 +1434,12 @@ function getLoad() { function getDiskPercent($path = ZM_DIR_EVENTS) { $total = disk_total_space($path); - if ( ! $total ) { + if ( $total === false ) { Error("disk_total_space returned false for " . $path ); return 0; } $free = disk_free_space($path); - if ( ! $free ) { + if ( $free === false ) { Error("disk_free_space returned false for " . $path ); } $space = round(($total - $free) / $total * 100); From 8759e2bdb43a66ee8595e5ffa3367860e7190043 Mon Sep 17 00:00:00 2001 From: Andy Bauer Date: Tue, 21 Feb 2017 13:10:41 -0600 Subject: [PATCH 30/30] prevent divide by zero, make error messages more descriptive --- web/includes/functions.php | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 8e3f910cb..82676b27d 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -1435,14 +1435,17 @@ function getLoad() { function getDiskPercent($path = ZM_DIR_EVENTS) { $total = disk_total_space($path); if ( $total === false ) { - Error("disk_total_space returned false for " . $path ); + Error("disk_total_space returned false. Verify the web account user has access to " . $path ); return 0; + } elseif ( $total == 0 ) { + Error("disk_total_space indicates the following path has a filesystem size of zero bytes" . $path ); + return 100; } $free = disk_free_space($path); if ( $free === false ) { - Error("disk_free_space returned false for " . $path ); + Error("disk_free_space returned false. Verify the web account user has access to " . $path ); } - $space = round(($total - $free) / $total * 100); + $space = round((($total - $free) / $total) * 100); return( $space ); }