From cfca67f6633b22395d96a51a9937d0409dc8e355 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 7 Jun 2019 14:07:23 -0400 Subject: [PATCH 1/4] spacing and quotes --- web/ajax/stream.php | 53 +++++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 26 deletions(-) diff --git a/web/ajax/stream.php b/web/ajax/stream.php index f37012e54..910b18cb5 100644 --- a/web/ajax/stream.php +++ b/web/ajax/stream.php @@ -21,38 +21,38 @@ if ( sem_acquire($semaphore,1) !== false ) { } $localSocketFile = ZM_PATH_SOCKS.'/zms-'.sprintf('%06d',$_REQUEST['connkey']).'w.sock'; - if ( file_exists( $localSocketFile ) ) { + if ( file_exists($localSocketFile) ) { ZM\Warning("sock file $localSocketFile already exists?! Is someone else talking to zms?"); // They could be. We can maybe have concurrent requests from a browser. } - if ( !socket_bind( $socket, $localSocketFile ) ) { - ajaxError("socket_bind( $localSocketFile ) failed: ".socket_strerror(socket_last_error()) ); + if ( !socket_bind($socket, $localSocketFile) ) { + ajaxError("socket_bind( $localSocketFile ) failed: ".socket_strerror(socket_last_error())); } switch ( $_REQUEST['command'] ) { case CMD_VARPLAY : - ZM\Logger::Debug( 'Varplaying to '.$_REQUEST['rate'] ); - $msg = pack( 'lcn', MSG_CMD, $_REQUEST['command'], $_REQUEST['rate']+32768 ); + ZM\Logger::Debug('Varplaying to '.$_REQUEST['rate']); + $msg = pack('lcn', MSG_CMD, $_REQUEST['command'], $_REQUEST['rate']+32768); break; case CMD_ZOOMIN : - ZM\Logger::Debug( 'Zooming to '.$_REQUEST['x'].','.$_REQUEST['y'] ); - $msg = pack( 'lcnn', MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y'] ); + ZM\Logger::Debug('Zooming to '.$_REQUEST['x'].','.$_REQUEST['y']); + $msg = pack('lcnn', MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y']); break; case CMD_PAN : - ZM\Logger::Debug( 'Panning to '.$_REQUEST['x'].','.$_REQUEST['y'] ); - $msg = pack( 'lcnn', MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y'] ); + ZM\Logger::Debug('Panning to '.$_REQUEST['x'].','.$_REQUEST['y']); + $msg = pack('lcnn', MSG_CMD, $_REQUEST['command'], $_REQUEST['x'], $_REQUEST['y']); break; case CMD_SCALE : - ZM\Logger::Debug( 'Scaling to '.$_REQUEST['scale'] ); - $msg = pack( 'lcn', MSG_CMD, $_REQUEST['command'], $_REQUEST['scale'] ); + ZM\Logger::Debug('Scaling to '.$_REQUEST['scale']); + $msg = pack('lcn', MSG_CMD, $_REQUEST['command'], $_REQUEST['scale']); break; case CMD_SEEK : - ZM\Logger::Debug( 'Seeking to '.$_REQUEST['offset'] ); - $msg = pack( 'lcN', MSG_CMD, $_REQUEST['command'], $_REQUEST['offset'] ); + ZM\Logger::Debug('Seeking to '.$_REQUEST['offset']); + $msg = pack('lcN', MSG_CMD, $_REQUEST['command'], $_REQUEST['offset']); break; default : ZM\Logger::Debug('Sending command ' . $_REQUEST['command']); - $msg = pack( 'lc', MSG_CMD, $_REQUEST['command'] ); + $msg = pack('lc', MSG_CMD, $_REQUEST['command']); break; } @@ -60,7 +60,8 @@ if ( sem_acquire($semaphore,1) !== false ) { // Pi can take up to 3 seconds for zms to start up. $max_socket_tries = 1000; // FIXME This should not exceed web_ajax_timeout - while ( !file_exists($remSockFile) && $max_socket_tries-- ) { //sometimes we are too fast for our own good, if it hasn't been setup yet give it a second. + while ( !file_exists($remSockFile) && $max_socket_tries-- ) { + //sometimes we are too fast for our own good, if it hasn't been setup yet give it a second. // WHY? We will just send another one... // ANSWER: Because otherwise we get a log of errors logged @@ -71,27 +72,27 @@ if ( sem_acquire($semaphore,1) !== false ) { if ( !file_exists($remSockFile) ) { ajaxError("Socket $remSockFile does not exist. This file is created by zms, and since it does not exist, either zms did not run, or zms exited early. Please check your zms logs and ensure that CGI is enabled in apache and check that the PATH_ZMS is set correctly. Make sure that ZM is actually recording. If you are trying to view a live stream and the capture process (zmc) is not running then zms will exit. Please go to http://zoneminder.readthedocs.io/en/latest/faq.html#why-can-t-i-see-streamed-images-when-i-can-see-stills-in-the-zone-window-etc for more information."); } else { - if ( !@socket_sendto( $socket, $msg, strlen($msg), 0, $remSockFile ) ) { - ajaxError( "socket_sendto( $remSockFile ) failed: ".socket_strerror(socket_last_error()) ); + if ( !@socket_sendto($socket, $msg, strlen($msg), 0, $remSockFile) ) { + ajaxError("socket_sendto( $remSockFile ) failed: ".socket_strerror(socket_last_error())); } } - $rSockets = array( $socket ); + $rSockets = array($socket); $wSockets = NULL; $eSockets = NULL; $timeout = MSG_TIMEOUT - ( time() - $start_time ); - $numSockets = socket_select( $rSockets, $wSockets, $eSockets, intval($timeout/1000), ($timeout%1000)*1000 ); + $numSockets = socket_select($rSockets, $wSockets, $eSockets, intval($timeout/1000), ($timeout%1000)*1000); if ( $numSockets === false ) { - ZM\Error('socket_select failed: ' . socket_strerror(socket_last_error()) ); - ajaxError( 'socket_select failed: '.socket_strerror(socket_last_error()) ); + ZM\Error('socket_select failed: ' . socket_strerror(socket_last_error())); + ajaxError('socket_select failed: '.socket_strerror(socket_last_error())); } else if ( $numSockets < 0 ) { - ZM\Error( "Socket closed $remSockFile" ); - ajaxError( "Socket closed $remSockFile" ); + ZM\Error("Socket closed $remSockFile"); + ajaxError("Socket closed $remSockFile"); } else if ( $numSockets == 0 ) { - ZM\Error( "Timed out waiting for msg $remSockFile" ); + ZM\Error("Timed out waiting for msg $remSockFile"); socket_set_nonblock($socket); #ajaxError("Timed out waiting for msg $remSockFile"); } else if ( $numSockets > 0 ) { @@ -101,7 +102,7 @@ if ( sem_acquire($semaphore,1) !== false ) { } } - switch( $nbytes = @socket_recvfrom( $socket, $msg, MSG_DATA_SIZE, 0, $remSockFile ) ) { + switch( $nbytes = @socket_recvfrom($socket, $msg, MSG_DATA_SIZE, 0, $remSockFile) ) { case -1 : ajaxError("socket_recvfrom( $remSockFile ) failed: ".socket_strerror(socket_last_error())); break; @@ -157,7 +158,7 @@ if ( sem_acquire($semaphore,1) !== false ) { } sem_release($semaphore); } else { - ZM\Logger::Debug("Couldn't get semaphore"); + ZM\Logger::Debug('Couldn\'t get semaphore'); ajaxResponse(array()); } From 4140d51e9f24aba2dd4ec29b96c54efb49a565a7 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 13 Aug 2019 11:45:50 -0400 Subject: [PATCH 2/4] database.php cleanup. remove dbFetchMonitor and dbFetchGroup. Their usage has been replaced with the Object::find_one usage. Also more quoting of table and colume names to fix #2659 --- web/includes/database.php | 179 +++++++++++++-------------- web/skins/classic/views/function.php | 12 +- web/skins/classic/views/plugin.php | 29 ++--- web/skins/classic/views/settings.php | 36 +++--- 4 files changed, 121 insertions(+), 135 deletions(-) diff --git a/web/includes/database.php b/web/includes/database.php index f214af58b..d941a01e0 100644 --- a/web/includes/database.php +++ b/web/includes/database.php @@ -2,25 +2,25 @@ // // ZoneMinder web database interface file, $Date$, $Revision$ // Copyright (C) 2001-2008 Philip Coombes -// +// // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. -// +// // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. -// +// // You should have received a copy of the GNU General Public License // along with this program; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// +// -define( 'DB_LOG_OFF', 0 ); -define( 'DB_LOG_ONLY', 1 ); -define( 'DB_LOG_DEBUG', 2 ); +define('DB_LOG_OFF', 0); +define('DB_LOG_ONLY', 1); +define('DB_LOG_DEBUG', 2); $GLOBALS['dbLogLevel'] = DB_LOG_OFF; @@ -29,10 +29,10 @@ $GLOBALS['dbConn'] = false; function dbConnect() { global $dbConn; - if (strpos(ZM_DB_HOST, ':')) { + if ( strpos(ZM_DB_HOST, ':') ) { // Host variable may carry a port or socket. list($host, $portOrSocket) = explode(':', ZM_DB_HOST, 2); - if (ctype_digit($portOrSocket)) { + if ( ctype_digit($portOrSocket) ) { $socket = ':host='.$host . ';port='.$portOrSocket; } else { $socket = ':unix_socket='.$portOrSocket; @@ -43,22 +43,22 @@ function dbConnect() { try { $dbOptions = null; - if ( defined( 'ZM_DB_SSL_CA_CERT' ) and ZM_DB_SSL_CA_CERT ) { + if ( defined('ZM_DB_SSL_CA_CERT') and ZM_DB_SSL_CA_CERT ) { $dbOptions = array( PDO::MYSQL_ATTR_SSL_CA => ZM_DB_SSL_CA_CERT, PDO::MYSQL_ATTR_SSL_KEY => ZM_DB_SSL_CLIENT_KEY, PDO::MYSQL_ATTR_SSL_CERT => ZM_DB_SSL_CLIENT_CERT, ); - $dbConn = new PDO( ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS, $dbOptions ); + $dbConn = new PDO(ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS, $dbOptions); } else { - $dbConn = new PDO( ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS ); + $dbConn = new PDO(ZM_DB_TYPE . $socket . ';dbname='.ZM_DB_NAME, ZM_DB_USER, ZM_DB_PASS); } $dbConn->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); $dbConn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } catch(PDOException $ex ) { echo 'Unable to connect to ZM db.' . $ex->getMessage(); - error_log('Unable to connect to ZM DB ' . $ex->getMessage() ); + error_log('Unable to connect to ZM DB ' . $ex->getMessage()); $dbConn = null; } } @@ -89,15 +89,15 @@ function dbDebug() { dbLogDebug(); } -function dbLog( $sql, $update=false ) { +function dbLog($sql, $update=false) { global $dbLogLevel; $noExecute = $update && ($dbLogLevel >= DB_LOG_DEBUG); if ( $dbLogLevel > DB_LOG_OFF ) - ZM\Logger::Debug( "SQL-LOG: $sql".($noExecute?" (not executed)":"") ); + ZM\Logger::Debug( "SQL-LOG: $sql".($noExecute?' (not executed)':'') ); return( $noExecute ); } -function dbError( $sql ) { +function dbError($sql) { global $dbConn; $error = $dbConn->errorInfo(); if ( ! $error[0] ) @@ -110,37 +110,37 @@ function dbError( $sql ) { function dbEscape( $string ) { global $dbConn; - if ( version_compare( phpversion(), '4.3.0', '<') ) + if ( version_compare(phpversion(), '4.3.0', '<')) if ( get_magic_quotes_gpc() ) - return( $dbConn->quote( stripslashes( $string ) ) ); + return $dbConn->quote(stripslashes($string)); else - return( $dbConn->quote( $string ) ); + return $dbConn->quote($string); else if ( get_magic_quotes_gpc() ) - return( $dbConn->quote( stripslashes( $string ) ) ); + return $dbConn->quote(stripslashes($string)); else - return( $dbConn->quote( $string ) ); + return $dbConn->quote($string); } -function dbQuery( $sql, $params=NULL ) { +function dbQuery($sql, $params=NULL) { global $dbConn; - if ( dbLog( $sql, true ) ) + if ( dbLog($sql, true) ) return; $result = NULL; try { if ( isset($params) ) { - if ( ! $result = $dbConn->prepare( $sql ) ) { + if ( ! $result = $dbConn->prepare($sql) ) { ZM\Error("SQL: Error preparing $sql: " . $pdo->errorInfo); return NULL; } - if ( ! $result->execute( $params ) ) { - ZM\Error("SQL: Error executing $sql: " . implode(',', $result->errorInfo() ) ); + if ( ! $result->execute($params) ) { + ZM\Error("SQL: Error executing $sql: " . implode(',', $result->errorInfo())); return NULL; } } else { if ( defined('ZM_DB_DEBUG') ) { - ZM\Logger::Debug("SQL: $sql values:" . ($params?implode(',',$params):'') ); + ZM\Logger::Debug("SQL: $sql values:" . ($params?implode(',',$params):'')); } $result = $dbConn->query($sql); if ( ! $result ) { @@ -150,24 +150,24 @@ function dbQuery( $sql, $params=NULL ) { } if ( defined('ZM_DB_DEBUG') ) { if ( $params ) - ZM\Logger::Debug("SQL: $sql" . implode(',',$params) . ' rows: '.$result->rowCount() ); + ZM\Logger::Debug("SQL: $sql" . implode(',',$params) . ' rows: '.$result->rowCount()); else - ZM\Logger::Debug("SQL: $sql: rows:" . $result->rowCount() ); + ZM\Logger::Debug("SQL: $sql: rows:" . $result->rowCount()); } } catch(PDOException $e) { - ZM\Error( "SQL-ERR '".$e->getMessage()."', statement was '".$sql."' params:" . ($params?implode(',',$params):'') ); + ZM\Error("SQL-ERR '".$e->getMessage()."', statement was '".$sql."' params:" . ($params?implode(',',$params):'')); return NULL; } return $result; } -function dbFetchOne( $sql, $col=false, $params=NULL ) { - $result = dbQuery( $sql, $params ); - if ( ! $result ) { - ZM\Error( "SQL-ERR dbFetchOne no result, statement was '".$sql."'" . ( $params ? 'params: ' . join(',',$params) : '' ) ); +function dbFetchOne($sql, $col=false, $params=NULL) { + $result = dbQuery($sql, $params); + if ( !$result ) { + ZM\Error("SQL-ERR dbFetchOne no result, statement was '".$sql."'".($params ? 'params: ' . join(',',$params) : '')); return false; } - if ( ! $result->rowCount() ) { + if ( !$result->rowCount() ) { # No rows is not an error return false; } @@ -179,109 +179,109 @@ function dbFetchOne( $sql, $col=false, $params=NULL ) { return false; } return $dbRow[$col]; - } + } return $dbRow; } return false; } -function dbFetchAll( $sql, $col=false, $params=NULL ) { - $result = dbQuery( $sql, $params ); +function dbFetchAll($sql, $col=false, $params=NULL) { + $result = dbQuery($sql, $params); if ( ! $result ) { - ZM\Error( "SQL-ERR dbFetchAll no result, statement was '".$sql."'" . ( $params ? 'params: ' .join(',', $params) : '' ) ); + ZM\Error("SQL-ERR dbFetchAll no result, statement was '".$sql."'".($params ? 'params: '.join(',', $params) : '')); return false; } $dbRows = array(); - while( $dbRow = $result->fetch( PDO::FETCH_ASSOC ) ) - $dbRows[] = $col?$dbRow[$col]:$dbRow; + while ( $dbRow = $result->fetch(PDO::FETCH_ASSOC) ) + $dbRows[] = $col ? $dbRow[$col] : $dbRow; return $dbRows; } -function dbFetchAssoc( $sql, $indexCol, $dataCol=false ) { - $result = dbQuery( $sql ); +function dbFetchAssoc($sql, $indexCol, $dataCol=false) { + $result = dbQuery($sql); $dbRows = array(); - while( $dbRow = $result->fetch( PDO::FETCH_ASSOC ) ) - $dbRows[$dbRow[$indexCol]] = $dataCol?$dbRow[$dataCol]:$dbRow; - return( $dbRows ); + while( $dbRow = $result->fetch(PDO::FETCH_ASSOC) ) + $dbRows[$dbRow[$indexCol]] = $dataCol ? $dbRow[$dataCol] : $dbRow; + return $dbRows; } -function dbFetch( $sql, $col=false ) { - return( dbFetchAll( $sql, $col ) ); +function dbFetch($sql, $col=false) { + return dbFetchAll($sql, $col); } -function dbFetchNext( $result, $col=false ) { - if ( $dbRow = $result->fetch( PDO::FETCH_ASSOC ) ) - return( $col?$dbRow[$col]:$dbRow ); - return( false ); +function dbFetchNext($result, $col=false) { + if ( $dbRow = $result->fetch(PDO::FETCH_ASSOC) ) + return $col ? $dbRow[$col] : $dbRow; + return false; } function dbNumRows( $sql ) { - $result = dbQuery( $sql ); - return( $result->rowCount() ); + $result = dbQuery($sql); + return $result->rowCount(); } function dbInsertId() { global $dbConn; - return( $dbConn->lastInsertId() ); + return $dbConn->lastInsertId(); } -function getEnumValues( $table, $column ) { - $row = dbFetchOne( "describe $table $column" ); - preg_match_all( "/'([^']+)'/", $row['Type'], $matches ); - return( $matches[1] ); +function getEnumValues($table, $column) { + $row = dbFetchOne("DESCRIBE `$table` `$column`"); + preg_match_all("/'([^']+)'/", $row['Type'], $matches); + return $matches[1]; } -function getSetValues( $table, $column ) { - return( getEnumValues( $table, $column ) ); +function getSetValues($table, $column) { + return getEnumValues($table, $column); } -function getUniqueValues( $table, $column, $asString=1 ) { +function getUniqueValues($table, $column, $asString=1) { $values = array(); - $sql = "select distinct $column from $table where (not isnull($column) and $column != '') order by $column"; - foreach( dbFetchAll( $sql ) as $row ) { + $sql = "SELECT DISTINCT `$column` FROM `$table` WHERE (NOT isnull(`$column`) AND `$column` != '') ORDER BY `$column`"; + foreach ( dbFetchAll($sql) as $row ) { if ( $asString ) $values[$row[$column]] = $row[$column]; else $values[] = $row[$column]; } - return( $values ); -} + return $values; +} function getTableColumns( $table, $asString=1 ) { $columns = array(); - $sql = "describe $table"; - foreach( dbFetchAll( $sql ) as $row ) { + $sql = "DESCRIBE `$table`"; + foreach ( dbFetchAll($sql) as $row ) { if ( $asString ) $columns[$row['Field']] = $row['Type']; else $columns[] = $row['Type']; } - return( $columns ); -} + return $columns; +} function getTableAutoInc( $table ) { - $row = dbFetchOne( 'show table status where Name=?', NULL, array($table) ); - return( $row['Auto_increment'] ); + $row = dbFetchOne('SHOW TABLE status WHERE Name=?', NULL, array($table)); + return $row['Auto_increment']; } function getTableDescription( $table, $asString=1 ) { $columns = array(); - foreach( dbFetchAll( "describe $table" ) as $row ) { + foreach( dbFetchAll("DESCRIBE `$table`") as $row ) { $desc = array( 'name' => $row['Field'], 'required' => ($row['Null']=='NO')?true:false, 'default' => $row['Default'], 'db' => $row, ); - if ( preg_match( "/^varchar\((\d+)\)$/", $row['Type'], $matches ) ) { + if ( preg_match('/^varchar\((\d+)\)$/', $row['Type'], $matches) ) { $desc['type'] = 'text'; $desc['typeAttrib'] = 'varchar'; $desc['maxLength'] = $matches[1]; - } elseif ( preg_match( "/^(\w+)?text$/", $row['Type'], $matches ) ) { + } elseif ( preg_match('/^(\w+)?text$/', $row['Type'], $matches) ) { $desc['type'] = 'text'; - if (!empty($matches[1]) ) + if ( !empty($matches[1]) ) $desc['typeAttrib'] = $matches[1]; switch ( $matches[1] ) { case 'tiny' : @@ -295,15 +295,15 @@ function getTableDescription( $table, $asString=1 ) { //$desc['minLength'] = -128; break; default : - ZM\Error( "Unexpected text qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'" ); + ZM\Error("Unexpected text qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'"); break; } - } elseif ( preg_match( "/^(enum|set)\((.*)\)$/", $row['Type'], $matches ) ) { + } elseif ( preg_match('/^(enum|set)\((.*)\)$/', $row['Type'], $matches) ) { $desc['type'] = 'text'; $desc['typeAttrib'] = $matches[1]; - preg_match_all( "/'([^']+)'/", $matches[2], $matches ); + preg_match_all("/'([^']+)'/", $matches[2], $matches); $desc['values'] = $matches[1]; - } elseif ( preg_match( "/^(\w+)?int\(\d+\)(?:\s+(unsigned))?$/", $row['Type'], $matches ) ) { + } elseif ( preg_match('/^(\w+)?int\(\d+\)(?:\s+(unsigned))?$/', $row['Type'], $matches) ) { $desc['type'] = 'integer'; switch ( $matches[1] ) { case 'tiny' : @@ -327,7 +327,7 @@ function getTableDescription( $table, $asString=1 ) { //$desc['maxValue'] = 127; break; default : - ZM\Error( "Unexpected integer qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'" ); + ZM\Error("Unexpected integer qualifier '".$matches[1]."' found for field '".$row['Field']."' in table '".$table."'"); break; } if ( !empty($matches[1]) ) @@ -336,7 +336,7 @@ function getTableDescription( $table, $asString=1 ) { $desc['maxValue'] += (-$desc['minValue']); $desc['minValue'] = 0; } - } elseif ( preg_match( "/^(?:decimal|numeric)\((\d+)(?:,(\d+))?\)(?:\s+(unsigned))?$/", $row['Type'], $matches ) ) { + } elseif ( preg_match('/^(?:decimal|numeric)\((\d+)(?:,(\d+))?\)(?:\s+(unsigned))?$/', $row['Type'], $matches) ) { $desc['type'] = 'fixed'; $desc['range'] = $matches[1]; if ( isset($matches[2]) ) @@ -344,7 +344,7 @@ function getTableDescription( $table, $asString=1 ) { else $desc['precision'] = 0; $desc['unsigned'] = ( isset($matches[3]) && $matches[3] == 'unsigned' ); - } elseif ( preg_match( "/^(datetime|timestamp|date|time)$/", $row['Type'], $matches ) ) { + } elseif ( preg_match('/^(datetime|timestamp|date|time)$/', $row['Type'], $matches) ) { $desc['type'] = 'datetime'; switch ( $desc['typeAttrib'] = $matches[1] ) { case 'datetime' : @@ -362,7 +362,7 @@ function getTableDescription( $table, $asString=1 ) { break; } } else { - ZM\Error( "Can't parse database type '".$row['Type']."' found for field '".$row['Field']."' in table '".$table."'" ); + ZM\Error("Can't parse database type '".$row['Type']."' found for field '".$row['Field']."' in table '".$table."'"); } if ( $asString ) @@ -370,15 +370,6 @@ function getTableDescription( $table, $asString=1 ) { else $columns[] = $desc; } - return( $columns ); -} - -function dbFetchMonitor( $mid ) { - return( dbFetchOne( 'select * from Monitors where Id = ?', NULL, array($mid) ) ); + return $columns; } - -function dbFetchGroup( $gid ) { - return( dbFetchOne( 'select * from Groups where Id = ?', NULL, array($gid) ) ); -} - ?> diff --git a/web/skins/classic/views/function.php b/web/skins/classic/views/function.php index 506bc006b..1cd2985ef 100644 --- a/web/skins/classic/views/function.php +++ b/web/skins/classic/views/function.php @@ -23,34 +23,34 @@ if ( !canEdit('Monitors') ) { return; } -$monitor = dbFetchMonitor($_REQUEST['mid']); +$monitor = ZM\Monitor::find_one(array('Id'=>$_REQUEST['mid'])); $focusWindow = true; -xhtmlHeaders(__FILE__, translate('Function').' - '.validHtmlStr($monitor['Name'])); +xhtmlHeaders(__FILE__, translate('Function').' - '.validHtmlStr($monitor->Name())); ?>
- +

- checked="checked"/> + Enabled()) ) { ?> checked="checked"/>

diff --git a/web/skins/classic/views/plugin.php b/web/skins/classic/views/plugin.php index ea7a9f347..4f41b3fbd 100644 --- a/web/skins/classic/views/plugin.php +++ b/web/skins/classic/views/plugin.php @@ -19,23 +19,21 @@ // -if ( !canView( 'Monitors' ) ) -{ - $view = "error"; - return; +if ( !canView('Monitors') ) { + $view = 'error'; + return; } $mid = validInt($_REQUEST['mid']); $zid = !empty($_REQUEST['zid'])?validInt($_REQUEST['zid']):0; - if ( $zid > 0 ) { - $newZone = dbFetchOne( 'SELECT * FROM Zones WHERE MonitorId = ? AND Id = ?', NULL, array( $mid, $zid) ); + $newZone = dbFetchOne('SELECT * FROM Zones WHERE MonitorId = ? AND Id = ?', NULL, array($mid, $zid)); } else { - $view = "error"; + $view = 'error'; return; } -$monitor = dbFetchMonitor ( $mid ); +$monitor = ZM\Monitor::find_one($mid); // Only allow certain filename characters (not including a period) to prevent directory traversal. $plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']); @@ -104,7 +102,7 @@ function pLang($name)
@@ -115,16 +113,14 @@ function pLang($name)
- +
$popt) -{ - ?> +foreach($pluginOptions as $name => $popt) { +?> $popt) - + - + - + - +
disabled="disabled"/> disabled="disabled"/>
disabled="disabled"/>/>
disabled="disabled"/>/>
disabled="disabled"/>/>
- disabled="disabled"/> + +
From 74e414eb0014a52fcfa2919a25f45cd8518e1afe Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 13 Aug 2019 15:33:38 -0400 Subject: [PATCH 3/4] Clean up ugly hack in CopyTo. Do not modify the object resulting in cached crap --- scripts/ZoneMinder/lib/ZoneMinder/Event.pm | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm index 0fc43f24a..25cfebb5c 100644 --- a/scripts/ZoneMinder/lib/ZoneMinder/Event.pm +++ b/scripts/ZoneMinder/lib/ZoneMinder/Event.pm @@ -562,8 +562,8 @@ sub CopyTo { return 'Old Storage path changed, Event has moved somewhere else.'; } - $$self{Storage} = $NewStorage; - ( $NewPath ) = ( $self->Path(undef) =~ /^(.*)$/ ); # De-taint + $NewPath .= $self->Relative_Path(); + $NewPath = ( $NewPath =~ /^(.*)$/ ); # De-taint if ( $NewPath eq $OldPath ) { $ZoneMinder::Database::dbh->commit(); return "New path and old path are the same! $NewPath"; @@ -685,7 +685,7 @@ sub MoveTo { # Succeeded in copying all files, so we may now update the Event. $$self{StorageId} = $$NewStorage{Id}; - $$self{Storage} = $NewStorage; + $self->Storage($NewStorage); $error .= $self->save(); if ( $error ) { $ZoneMinder::Database::dbh->commit(); From c7b6db9be7fe274b36b9c3f84f76e0c6b7714334 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 14 Aug 2019 16:18:21 -0400 Subject: [PATCH 4/4] Put backticks around all columns and tables in sql to deal with mysql 8 --- src/zm_config.cpp | 4 ++-- src/zm_eventstream.cpp | 20 ++++++++++---------- src/zm_group.cpp | 2 +- src/zm_monitor.cpp | 42 +++++++++++++++++++++--------------------- src/zm_storage.cpp | 2 +- src/zm_user.cpp | 10 +++++----- 6 files changed, 40 insertions(+), 40 deletions(-) diff --git a/src/zm_config.cpp b/src/zm_config.cpp index f9e11e59b..68c9eae08 100644 --- a/src/zm_config.cpp +++ b/src/zm_config.cpp @@ -68,7 +68,7 @@ void zmLoadConfig() { if ( ! staticConfig.SERVER_NAME.empty() ) { Debug( 1, "Fetching ZM_SERVER_ID For Name = %s", staticConfig.SERVER_NAME.c_str() ); - std::string sql = stringtf("SELECT Id FROM Servers WHERE Name='%s'", staticConfig.SERVER_NAME.c_str() ); + std::string sql = stringtf("SELECT `Id` FROM `Servers` WHERE `Name`='%s'", staticConfig.SERVER_NAME.c_str() ); zmDbRow dbrow; if ( dbrow.fetch( sql.c_str() ) ) { staticConfig.SERVER_ID = atoi(dbrow[0]); @@ -79,7 +79,7 @@ void zmLoadConfig() { } // end if has SERVER_NAME } else if ( staticConfig.SERVER_NAME.empty() ) { Debug( 1, "Fetching ZM_SERVER_NAME For Id = %d", staticConfig.SERVER_ID ); - std::string sql = stringtf("SELECT Name FROM Servers WHERE Id='%d'", staticConfig.SERVER_ID ); + std::string sql = stringtf("SELECT `Name` FROM `Servers` WHERE `Id`='%d'", staticConfig.SERVER_ID ); zmDbRow dbrow; if ( dbrow.fetch( sql.c_str() ) ) { diff --git a/src/zm_eventstream.cpp b/src/zm_eventstream.cpp index 36e8d097d..4b894c153 100644 --- a/src/zm_eventstream.cpp +++ b/src/zm_eventstream.cpp @@ -44,9 +44,9 @@ bool EventStream::loadInitialEventData(int monitor_id, time_t event_time) { static char sql[ZM_SQL_SML_BUFSIZ]; - snprintf(sql, sizeof(sql), "SELECT Id FROM Events WHERE " - "MonitorId = %d AND unix_timestamp(EndTime) > %ld " - "ORDER BY Id ASC LIMIT 1", monitor_id, event_time); + snprintf(sql, sizeof(sql), "SELECT `Id` FROM `Events` WHERE " + "`MonitorId` = %d AND unix_timestamp(`EndTime`) > %ld " + "ORDER BY `Id` ASC LIMIT 1", monitor_id, event_time); if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); @@ -115,9 +115,9 @@ bool EventStream::loadEventData(uint64_t event_id) { static char sql[ZM_SQL_MED_BUFSIZ]; snprintf(sql, sizeof(sql), - "SELECT MonitorId, StorageId, Frames, unix_timestamp( StartTime ) AS StartTimestamp, " - "(SELECT max(Delta)-min(Delta) FROM Frames WHERE EventId=Events.Id) AS Duration, " - "DefaultVideo, Scheme, SaveJPEGs FROM Events WHERE Id = %" PRIu64, event_id); + "SELECT `MonitorId`, `StorageId`, `Frames`, unix_timestamp( `StartTime` ) AS StartTimestamp, " + "(SELECT max(`Delta`)-min(`Delta`) FROM `Frames` WHERE `EventId`=`Events.Id`) AS Duration, " + "`DefaultVideo`, `Scheme`, `SaveJPEGs` FROM `Events` WHERE `Id` = %" PRIu64, event_id); if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); @@ -210,8 +210,8 @@ bool EventStream::loadEventData(uint64_t event_id) { Debug(3, "fps set by frame_count(%d)/duration(%f)", event_data->frame_count, event_data->duration); - snprintf(sql, sizeof(sql), "SELECT FrameId, unix_timestamp(`TimeStamp`), Delta " - "FROM Frames WHERE EventId = %" PRIu64 " ORDER BY FrameId ASC", event_id); + snprintf(sql, sizeof(sql), "SELECT `FrameId`, unix_timestamp(`TimeStamp`), `Delta` " + "FROM `Frames` WHERE `EventId` = %" PRIu64 " ORDER BY `FrameId` ASC", event_id); if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); exit(mysql_errno(&dbconn)); @@ -542,11 +542,11 @@ void EventStream::checkEventLoaded() { if ( curr_frame_id <= 0 ) { snprintf(sql, sizeof(sql), - "SELECT Id FROM Events WHERE MonitorId = %ld AND Id < %" PRIu64 " ORDER BY Id DESC LIMIT 1", + "SELECT `Id` FROM `Events` WHERE `MonitorId` = %ld AND `Id` < %" PRIu64 " ORDER BY `Id` DESC LIMIT 1", event_data->monitor_id, event_data->event_id); } else if ( (unsigned int)curr_frame_id > event_data->frame_count ) { snprintf(sql, sizeof(sql), - "SELECT Id FROM Events WHERE MonitorId = %ld AND Id > %" PRIu64 " ORDER BY Id ASC LIMIT 1", + "SELECT `Id` FROM `Events` WHERE `MonitorId` = %ld AND `Id` > %" PRIu64 " ORDER BY `Id` ASC LIMIT 1", event_data->monitor_id, event_data->event_id); } else { // No event change required diff --git a/src/zm_group.cpp b/src/zm_group.cpp index 7b96920b8..070d3b571 100644 --- a/src/zm_group.cpp +++ b/src/zm_group.cpp @@ -46,7 +46,7 @@ Group::Group(unsigned int p_id) { if ( p_id ) { char sql[ZM_SQL_SML_BUFSIZ]; - snprintf(sql, sizeof(sql), "SELECT Id, ParentId, Name FROM Group WHERE Id=%d", p_id); + snprintf(sql, sizeof(sql), "SELECT `Id`, `ParentId`, `Name` FROM `Group` WHERE `Id`=%d", p_id); Debug(2,"Loading Group for %d using %s", p_id, sql); zmDbRow dbrow; if ( !dbrow.fetch(sql) ) { diff --git a/src/zm_monitor.cpp b/src/zm_monitor.cpp index 617426d1f..1b9442f75 100644 --- a/src/zm_monitor.cpp +++ b/src/zm_monitor.cpp @@ -68,19 +68,19 @@ // This is the official SQL (and ordering of the fields) to load a Monitor. // It will be used whereever a Monitor dbrow is needed. WHERE conditions can be appended std::string load_monitor_sql = -"SELECT Id, Name, ServerId, StorageId, Type, Function+0, Enabled, LinkedMonitors, " -"AnalysisFPSLimit, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS," -"Device, Channel, Format, V4LMultiBuffer, V4LCapturesPerFrame, " // V4L Settings -"Protocol, Method, Options, User, Pass, Host, Port, Path, Width, Height, Colours, Palette, Orientation+0, Deinterlacing, " -"DecoderHWAccelName, DecoderHWAccelDevice, RTSPDescribe, " -"SaveJPEGs, VideoWriter, EncoderParameters, " +"SELECT `Id`, `Name`, `ServerId`, `StorageId`, `Type`, `Function`+0, `Enabled`, `LinkedMonitors`, " +"`AnalysisFPSLimit`, `AnalysisUpdateDelay`, `MaxFPS`, `AlarmMaxFPS`," +"`Device`, `Channel`, `Format`, `V4LMultiBuffer`, `V4LCapturesPerFrame`, " // V4L Settings +"`Protocol`, `Method`, `Options`, `User`, `Pass`, `Host`, `Port`, `Path`, `Width`, `Height`, `Colours`, `Palette`, `Orientation`+0, `Deinterlacing`, " +"`DecoderHWAccelName`, `DecoderHWAccelDevice`, `RTSPDescribe`, " +"`SaveJPEGs`, `VideoWriter`, `EncoderParameters`, " //" OutputCodec, Encoder, OutputContainer, " -"RecordAudio, " -"Brightness, Contrast, Hue, Colour, " -"EventPrefix, LabelFormat, LabelX, LabelY, LabelSize," -"ImageBufferCount, WarmupCount, PreEventCount, PostEventCount, StreamReplayBuffer, AlarmFrameCount, " -"SectionLength, MinSectionLength, FrameSkip, MotionFrameSkip, " -"FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, Exif, SignalCheckPoints, SignalCheckColour FROM Monitors"; +"`RecordAudio`, " +"`Brightness`, `Contrast`, `Hue`, `Colour`, " +"`EventPrefix`, `LabelFormat`, `LabelX`, `LabelY`, `LabelSize`," +"`ImageBufferCount`, `WarmupCount`, `PreEventCount`, `PostEventCount`, `StreamReplayBuffer`, `AlarmFrameCount`, " +"`SectionLength`, `MinSectionLength`, `FrameSkip`, `MotionFrameSkip`, " +"`FPSReportInterval`, `RefBlendPerc`, `AlarmRefBlendPerc`, `TrackMotion`, `Exif`, `SignalCheckPoints`, `SignalCheckColour` FROM `Monitors`"; std::string CameraType_Strings[] = { "Local", @@ -1136,7 +1136,7 @@ void Monitor::DumpZoneImage(const char *zone_string) { } else { Debug(3, "Trying to load from event"); // Grab the most revent event image - std::string sql = stringtf("SELECT MAX(Id) FROM Events WHERE MonitorId=%d AND Frames > 0", id); + std::string sql = stringtf("SELECT MAX(`Id`) FROM `Events` WHERE `MonitorId`=%d AND `Frames` > 0", id); zmDbRow eventid_row; if ( eventid_row.fetch(sql.c_str()) ) { uint64_t event_id = atoll(eventid_row[0]); @@ -1803,12 +1803,12 @@ void Monitor::Reload() { static char sql[ZM_SQL_MED_BUFSIZ]; // This seems to have fallen out of date. snprintf(sql, sizeof(sql), - "SELECT Function+0, Enabled, LinkedMonitors, EventPrefix, LabelFormat, " - "LabelX, LabelY, LabelSize, WarmupCount, PreEventCount, PostEventCount, " - "AlarmFrameCount, SectionLength, MinSectionLength, FrameSkip, " - "MotionFrameSkip, AnalysisFPSLimit, AnalysisUpdateDelay, MaxFPS, AlarmMaxFPS, " - "FPSReportInterval, RefBlendPerc, AlarmRefBlendPerc, TrackMotion, " - "SignalCheckColour FROM Monitors WHERE Id = '%d'", id); + "SELECT `Function`+0, `Enabled`, `LinkedMonitors`, `EventPrefix`, `LabelFormat`, " + "`LabelX`, `LabelY`, `LabelSize`, `WarmupCount`, `PreEventCount`, `PostEventCount`, " + "`AlarmFrameCount`, `SectionLength`, `MinSectionLength`, `FrameSkip`, " + "`MotionFrameSkip`, `AnalysisFPSLimit`, `AnalysisUpdateDelay`, `MaxFPS`, `AlarmMaxFPS`, " + "`FPSReportInterval`, `RefBlendPerc`, `AlarmRefBlendPerc`, `TrackMotion`, " + "`SignalCheckColour` FROM `Monitors` WHERE `Id` = '%d'", id); zmDbRow *row = zmDbFetchOne(sql); if ( !row ) { @@ -2865,8 +2865,8 @@ std::vector Monitor::Groups() { // At the moment, only load groups once. if ( !groups.size() ) { std::string sql = stringtf( - "SELECT Id,ParentId,Name FROM Groups WHERE Groups.Id IN " - "(SELECT GroupId FROM Groups_Monitors WHERE MonitorId=%d)",id); + "SELECT `Id`, `ParentId`, `Name` FROM `Groups` WHERE `Groups.Id` IN " + "(SELECT `GroupId` FROM `Groups_Monitors` WHERE `MonitorId`=%d)",id); MYSQL_RES *result = zmDbFetch(sql.c_str()); if ( !result ) { Error("Can't load groups: %s", mysql_error(&dbconn)); diff --git a/src/zm_storage.cpp b/src/zm_storage.cpp index ff2ba4997..4bba82bab 100644 --- a/src/zm_storage.cpp +++ b/src/zm_storage.cpp @@ -62,7 +62,7 @@ Storage::Storage( unsigned int p_id ) { if ( p_id ) { char sql[ZM_SQL_SML_BUFSIZ]; - snprintf(sql, sizeof(sql), "SELECT Id, Name, Path, Type, Scheme FROM Storage WHERE Id=%d", p_id); + snprintf(sql, sizeof(sql), "SELECT `Id`, `Name`, `Path`, `Type`, `Scheme` FROM `Storage` WHERE `Id`=%d", p_id); Debug(2,"Loading Storage for %d using %s", p_id, sql ); zmDbRow dbrow; if ( !dbrow.fetch(sql) ) { diff --git a/src/zm_user.cpp b/src/zm_user.cpp index b873b8547..52da3ba98 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -99,8 +99,8 @@ User *zmLoadUser( const char *username, const char *password ) { snprintf(sql, sizeof(sql), - "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" - " FROM Users where Username = '%s' and Enabled = 1", safer_username ); + "SELECT `Id`, `Username`, `Password`, `Enabled`, `Stream`+0, `Events`+0, `Control`+0, `Monitors`+0, `System`+0, `MonitorIds`" + " FROM `Users` WHERE `Username` = '%s' AND `Enabled` = 1", safer_username ); if ( mysql_query(&dbconn, sql) ) { @@ -162,8 +162,8 @@ User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) { if (username != "") { char sql[ZM_SQL_MED_BUFSIZ] = ""; snprintf(sql, sizeof(sql), - "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds, TokenMinExpiry" - " FROM Users WHERE Username = '%s' and Enabled = 1", username.c_str() ); + "SELECT `Id`, `Username`, `Password`, `Enabled`, `Stream`+0, `Events`+0, `Control`+0, `Monitors`+0, `System`+0, `MonitorIds`, `TokenMinExpiry`" + " FROM `Users` WHERE `Username` = '%s' AND `Enabled` = 1", username.c_str() ); if ( mysql_query(&dbconn, sql) ) { Error("Can't run query: %s", mysql_error(&dbconn)); @@ -228,7 +228,7 @@ User *zmLoadAuthUser( const char *auth, bool use_remote_addr ) { Debug( 1, "Attempting to authenticate user from auth string '%s'", auth ); char sql[ZM_SQL_SML_BUFSIZ] = ""; - snprintf( sql, sizeof(sql), "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds FROM Users WHERE Enabled = 1" ); + snprintf( sql, sizeof(sql), "SELECT `Id`, `Username`, `Password`, `Enabled`, `Stream`+0, `Events`+0, `Control`+0, `Monitors`+0, `System`+0, `MonitorIds` FROM `Users` WHERE `Enabled` = 1" ); if ( mysql_query( &dbconn, sql ) ) { Error( "Can't run query: %s", mysql_error( &dbconn ) );