ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas

This commit is contained in:
Isaac Connor 2019-01-30 15:19:01 -05:00
parent 932ab62200 9a3aa49bae
commit 2d560a176e
23 changed files with 244 additions and 207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/zm_user.cpp
View File

@ -89,18 +89,21 @@ bool User::canAccess( int monitor_id ) {
// Please note that in auth relay mode = none, password is NULL
User *zmLoadUser( const char *username, const char *password ) {
char sql[ZM_SQL_MED_BUFSIZ] = "";
char safer_username[65]; // current db username size is 32
int username_length = strlen(username);
char *safer_username = new char[(username_length * 2) + 1];
// According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator.
mysql_real_escape_string(&dbconn, safer_username, username, strlen( username ) );
mysql_real_escape_string(&dbconn, safer_username, username, username_length );
if ( password ) {
char safer_password[129]; // current db password size is 64
mysql_real_escape_string(&dbconn, safer_password, password, strlen( password ) );
int password_length = strlen(password);
char *safer_password = new char[(password_length * 2) + 1];
mysql_real_escape_string(&dbconn, safer_password, password, password_length);
snprintf(sql, sizeof(sql),
"SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
" FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1",
safer_username, safer_password );
delete safer_password;
} else {
snprintf(sql, sizeof(sql),
"SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
@ -131,6 +134,7 @@ User *zmLoadUser( const char *username, const char *password ) {
Info("Authenticated user '%s'", user->getUsername());
mysql_free_result(result);
delete safer_username;
return user;
}

26
web/ajax/status.php
View File

@ -270,14 +270,32 @@ function collectData() {
}
$index++;
}
$sql .= ' where '.join( ' and ', $where );
$sql .= ' WHERE '.join( ' AND ', $where );
}
if ( $groupSql )
$sql .= ' GROUP BY '.join( ',', array_unique( $groupSql ) );
if ( !empty($_REQUEST['sort']) ) {
$sql .= ' order by :sort';
$values[':sort'] = $_REQUEST['sort'];
}
$sql .= ' ORDER BY ';
$sort_fields = explode(',',$_REQUEST['sort']);
foreach ( $sort_fields as $sort_field ) {
preg_match('/^(\w+)\s*(ASC|DESC)?( NULLS FIRST)?$/i', $sort_field, $matches);
if ( count($matches) ) {
if ( in_array($matches[1], $fieldSql) ) {
$sql .= $matches[1];
} else {
Error('Sort field ' . $matches[1] . ' not in SQL Fields');
}
if ( count($matches) > 2 ) {
$sql .= ' '.strtoupper($matches[2]);
if ( count($matches) > 3 )
$sql .= ' '.strtoupper($matches[3]);
}
} else {
Error("Sort field didn't match regexp $sort_field");
}
} # end foreach sort field
} # end if has sort
if ( !empty($entitySpec['limit']) )
$limit = $entitySpec['limit'];
elseif ( !empty($_REQUEST['count']) )

2
web/includes/actions/bandwidth.php
View File

@ -23,5 +23,7 @@ if ( $action == 'bandwidth' && isset($_REQUEST['newBandwidth']) ) {
$_COOKIE['zmBandwidth'] = validStr($_REQUEST['newBandwidth']);
setcookie('zmBandwidth', validStr($_REQUEST['newBandwidth']), time()+3600*24*30*12*10);
$refreshParent = true;
$view = 'none';
$closePopup = true;
}
?>

109
web/includes/actions/filter.php
View File

@ -19,63 +19,64 @@
//
// Event scope actions, view permissions only required
if ( canView('Events') ) {
if ( !canView('Events') ) {
Warning('You do not have permission to view Events.');
return;
}
if ( isset($_REQUEST['object']) and ( $_REQUEST['object'] == 'filter' ) ) {
if ( $action == 'addterm' ) {
$_REQUEST['filter'] = addFilterTerm($_REQUEST['filter'], $_REQUEST['line']);
} elseif ( $action == 'delterm' ) {
$_REQUEST['filter'] = delFilterTerm($_REQUEST['filter'], $_REQUEST['line']);
} else if ( canEdit('Events') ) {
if ( $action == 'delete' ) {
if ( ! empty($_REQUEST['Id']) ) {
dbQuery('DELETE FROM Filters WHERE Id=?', array($_REQUEST['Id']));
}
} else if ( ( $action == 'Save' ) or ( $action == 'SaveAs' ) or ( $action == 'execute' ) ) {
# or ( $action == 'submit' ) ) {
if ( isset($_REQUEST['object']) and ( $_REQUEST['object'] == 'filter' ) ) {
if ( $action == 'addterm' ) {
$_REQUEST['filter'] = addFilterTerm($_REQUEST['filter'], $_REQUEST['line']);
} elseif ( $action == 'delterm' ) {
$_REQUEST['filter'] = delFilterTerm($_REQUEST['filter'], $_REQUEST['line']);
} else if ( canEdit('Events') ) {
if ( $action == 'delete' ) {
if ( !empty($_REQUEST['Id']) ) {
dbQuery('DELETE FROM Filters WHERE Id=?', array($_REQUEST['Id']));
}
} else if ( ( $action == 'Save' ) or ( $action == 'SaveAs' ) or ( $action == 'execute' ) ) {
$sql = '';
$_REQUEST['filter']['Query']['sort_field'] = validStr($_REQUEST['filter']['Query']['sort_field']);
$_REQUEST['filter']['Query']['sort_asc'] = validStr($_REQUEST['filter']['Query']['sort_asc']);
$_REQUEST['filter']['Query']['limit'] = validInt($_REQUEST['filter']['Query']['limit']);
if ( $action == 'execute' ) {
$tempFilterName = '_TempFilter'.time();
$sql .= ' Name = \''.$tempFilterName.'\'';
} else {
$sql .= ' Name = '.dbEscape($_REQUEST['filter']['Name']);
}
$sql .= ', Query = '.dbEscape(jsonEncode($_REQUEST['filter']['Query']));
$sql .= ', AutoArchive = '.(!empty($_REQUEST['filter']['AutoArchive']) ? 1 : 0);
$sql .= ', AutoVideo = '. ( !empty($_REQUEST['filter']['AutoVideo']) ? 1 : 0);
$sql .= ', AutoUpload = '. ( !empty($_REQUEST['filter']['AutoUpload']) ? 1 : 0);
$sql .= ', AutoEmail = '. ( !empty($_REQUEST['filter']['AutoEmail']) ? 1 : 0);
$sql .= ', AutoMessage = '. ( !empty($_REQUEST['filter']['AutoMessage']) ? 1 : 0);
$sql .= ', AutoExecute = '. ( !empty($_REQUEST['filter']['AutoExecute']) ? 1 : 0);
$sql .= ', AutoExecuteCmd = '.dbEscape($_REQUEST['filter']['AutoExecuteCmd']);
$sql .= ', AutoDelete = '. ( !empty($_REQUEST['filter']['AutoDelete']) ? 1 : 0);
if ( !empty($_REQUEST['filter']['AutoMove']) ? 1 : 0) {
$sql .= ', AutoMove = 1, AutoMoveTo='. validInt($_REQUEST['filter']['AutoMoveTo']);
} else {
$sql .= ', AutoMove = 0';
}
$sql .= ', UpdateDiskSpace = '. ( !empty($_REQUEST['filter']['UpdateDiskSpace']) ? 1 : 0);
$sql .= ', Background = '. ( !empty($_REQUEST['filter']['Background']) ? 1 : 0);
$sql .= ', Concurrent = '. ( !empty($_REQUEST['filter']['Concurrent']) ? 1 : 0);
$sql = '';
$_REQUEST['filter']['Query']['sort_field'] = validStr($_REQUEST['filter']['Query']['sort_field']);
$_REQUEST['filter']['Query']['sort_asc'] = validStr($_REQUEST['filter']['Query']['sort_asc']);
$_REQUEST['filter']['Query']['limit'] = validInt($_REQUEST['filter']['Query']['limit']);
if ( $action == 'execute' ) {
$tempFilterName = '_TempFilter'.time();
$sql .= ' Name = \''.$tempFilterName.'\'';
} else {
$sql .= ' Name = '.dbEscape($_REQUEST['filter']['Name']);
}
$sql .= ', Query = '.dbEscape(jsonEncode($_REQUEST['filter']['Query']));
$sql .= ', AutoArchive = '.(!empty($_REQUEST['filter']['AutoArchive']) ? 1 : 0);
$sql .= ', AutoVideo = '. ( !empty($_REQUEST['filter']['AutoVideo']) ? 1 : 0);
$sql .= ', AutoUpload = '. ( !empty($_REQUEST['filter']['AutoUpload']) ? 1 : 0);
$sql .= ', AutoEmail = '. ( !empty($_REQUEST['filter']['AutoEmail']) ? 1 : 0);
$sql .= ', AutoMessage = '. ( !empty($_REQUEST['filter']['AutoMessage']) ? 1 : 0);
$sql .= ', AutoExecute = '. ( !empty($_REQUEST['filter']['AutoExecute']) ? 1 : 0);
$sql .= ', AutoExecuteCmd = '.dbEscape($_REQUEST['filter']['AutoExecuteCmd']);
$sql .= ', AutoDelete = '. ( !empty($_REQUEST['filter']['AutoDelete']) ? 1 : 0);
if ( !empty($_REQUEST['filter']['AutoMove']) ? 1 : 0) {
$sql .= ', AutoMove = 1, AutoMoveTo='. validInt($_REQUEST['filter']['AutoMoveTo']);
} else {
$sql .= ', AutoMove = 0';
}
$sql .= ', UpdateDiskSpace = '. ( !empty($_REQUEST['filter']['UpdateDiskSpace']) ? 1 : 0);
$sql .= ', Background = '. ( !empty($_REQUEST['filter']['Background']) ? 1 : 0);
$sql .= ', Concurrent = '. ( !empty($_REQUEST['filter']['Concurrent']) ? 1 : 0);
if ( $_REQUEST['Id'] and ( $action == 'Save' ) ) {
dbQuery('UPDATE Filters SET ' . $sql. ' WHERE Id=?', array($_REQUEST['Id']));
} else {
dbQuery('INSERT INTO Filters SET' . $sql);
$_REQUEST['Id'] = dbInsertId();
}
if ( $action == 'execute' ) {
executeFilter( $tempFilterName );
}
if ( $_REQUEST['Id'] and ( $action == 'Save' ) ) {
dbQuery('UPDATE Filters SET '.$sql.' WHERE Id=?', array($_REQUEST['Id']));
} else {
dbQuery('INSERT INTO Filters SET'.$sql);
$_REQUEST['Id'] = dbInsertId();
}
if ( $action == 'execute' ) {
executeFilter($_REQUEST['Id']);
$view = 'events';
}
} // end if save or execute
} // end if canEdit(Events)
return;
} // end if object == filter
} // end canView(Events)
} // end if save or execute
} // end if canEdit(Events)
} // end if object == filter
?>

2
web/includes/actions/state.php
View File

@ -20,7 +20,7 @@
// System edit actions
if ( !canEdit('System') ) {
Warning("Need System Permission to edit states");
Warning('Need System Permission to edit states');
return;
}
if ( $action == 'state' ) {

22
web/includes/functions.php
View File

@ -51,11 +51,20 @@ function CSPHeaders($view, $nonce) {
case 'blank':
case 'console':
case 'controlcap':
case 'cycle':
case 'donate':
case 'error':
case 'function':
case 'log':
case 'logout':
case 'optionhelp':
case 'options':
case 'plugin':
case 'postlogin':
case 'privacy':
case 'server':
case 'state':
case 'status':
case 'storage':
case 'version': {
// Enforce script-src on pages where inline scripts and event handlers have been fixed.
@ -441,6 +450,9 @@ function makeLink( $url, $label, $condition=1, $options='' ) {
return( $string );
}
/**
* $label must be already escaped. It can't be done here since it sometimes contains HTML tags.
*/
function makePopupLink( $url, $winName, $winSize, $label, $condition=1, $options='' ) {
// Avoid double-encoding since some consumers incorrectly pass a pre-escaped URL.
$string = '<a class="popup-link" href="' . htmlspecialchars($url, ENT_COMPAT | ENT_HTML401, ini_get("default_charset"), false) . '"';
@ -958,11 +970,11 @@ Logger::Debug("generating Video $command: result($result outptu:(".implode("\n",
return( $status?"":rtrim($result) );
}
function executeFilter( $filter ) {
$command = ZM_PATH_BIN."/zmfilter.pl --filter ".escapeshellarg($filter);
$result = exec( $command, $output, $status );
dbQuery( "delete from Filters where Name like '_TempFilter%'" );
return( $status );
function executeFilter( $filter_id ) {
$command = ZM_PATH_BIN.'/zmfilter.pl --filter_id '.escapeshellarg($filter_id);
$result = exec($command, $output, $status);
dbQuery('DELETE FROM Filters WHERE Id=?', array($filter_id));
return $status;
}
# This takes more than one scale amount, so it runs through each and alters dimension.

56
web/index.php
View File

@ -51,7 +51,6 @@ require_once('includes/Event.php');
require_once('includes/Group.php');
require_once('includes/Monitor.php');
if (
(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
or
@ -118,12 +117,12 @@ $skinBase[] = $skin;
$currentCookieParams = session_get_cookie_params();
//Logger::Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)');
session_set_cookie_params(
$currentCookieParams['lifetime'],
$currentCookieParams['path'],
$currentCookieParams['domain'],
$currentCookieParams['secure'],
true
);
$currentCookieParams['lifetime'],
$currentCookieParams['path'],
$currentCookieParams['domain'],
$currentCookieParams['secure'],
true
);
ini_set('session.name', 'ZMSESSID');
@ -166,6 +165,7 @@ if ( !is_writable(ZM_DIR_EVENTS) ) {
}
# Globals
$action = null;
$error_message = null;
$redirect = null;
$view = null;
@ -185,9 +185,9 @@ foreach ( getSkinIncludes('skin.php') as $includeFile )
# User Login will be performed in auth.php
require_once('includes/auth.php');
if ( isset($_REQUEST['action']) ) {
if ( isset($_REQUEST['action']) )
$action = detaintPath($_REQUEST['action']);
}
# The only variable we really need to set is action. The others are informal.
isset($view) || $view = NULL;
@ -244,27 +244,27 @@ if ( $request ) {
require_once $includeFile;
}
return;
} else {
if ( $includeFiles = getSkinIncludes('views/'.$view.'.php', true, true) ) {
foreach ( $includeFiles as $includeFile ) {
if ( !file_exists($includeFile) )
Fatal("View '$view' does not exist");
require_once $includeFile;
}
// If the view overrides $view to 'error', and the user is not logged in, then the
// issue is probably resolvable by logging in, so provide the opportunity to do so.
// The login view should handle redirecting to the correct location afterward.
if ( $view == 'error' && !isset($user) ) {
$view = 'login';
foreach ( getSkinIncludes('views/login.php', true, true) as $includeFile )
require_once $includeFile;
}
}
if ( $includeFiles = getSkinIncludes('views/'.$view.'.php', true, true) ) {
foreach ( $includeFiles as $includeFile ) {
if ( !file_exists($includeFile) )
Fatal("View '$view' does not exist");
require_once $includeFile;
}
// If the view is missing or the view still returned error with the user logged in,
// then it is not recoverable.
if ( !$includeFiles || $view == 'error' ) {
foreach ( getSkinIncludes('views/error.php', true, true) as $includeFile )
// If the view overrides $view to 'error', and the user is not logged in, then the
// issue is probably resolvable by logging in, so provide the opportunity to do so.
// The login view should handle redirecting to the correct location afterward.
if ( $view == 'error' && !isset($user) ) {
$view = 'login';
foreach ( getSkinIncludes('views/login.php', true, true) as $includeFile )
require_once $includeFile;
}
}
// If the view is missing or the view still returned error with the user logged in,
// then it is not recoverable.
if ( !$includeFiles || $view == 'error' ) {
foreach ( getSkinIncludes('views/error.php', true, true) as $includeFile )
require_once $includeFile;
}
?>

2
web/skins/classic/includes/functions.php
View File

@ -131,7 +131,7 @@ echo output_link_if_exists( array(
var $j = jQuery.noConflict();
// $j is now an alias to the jQuery function; creating the new alias is optional.
</script>
<script src="skins/<?php echo $skin; ?>/views/js/state.js"></script>
<script src="<?php echo cache_bust('skins/'.$skin.'/views/js/state.js') ?>"></script>
<?php
if ( $title == 'Login' && (defined('ZM_OPT_USE_GOOG_RECAPTCHA') && ZM_OPT_USE_GOOG_RECAPTCHA) ) {
?>

2
web/skins/classic/js/base.js
View File

@ -64,7 +64,7 @@ var popupSizes = {
'stats': {'width': 840, 'height': 200},
'storage': {'width': 600, 'height': 405},
'timeline': {'width': 760, 'height': 540},
'user': {'width': 360, 'height': 720},
'user': {'width': 460, 'height': 720},
'version': {'width': 360, 'height': 185},
'video': {'width': 420, 'height': 360},
'videoview': {'addWidth': 48, 'addHeight': 80},

30
web/skins/classic/views/bandwidth.php
View File

@ -20,22 +20,19 @@
$newBandwidth = $_COOKIE['zmBandwidth'];
if ( $user && !empty($user['MaxBandwidth']) )
{
if ( $user['MaxBandwidth'] == "low" )
{
unset( $bandwidth_options['high'] );
unset( $bandwidth_options['medium'] );
}
elseif ( $user['MaxBandwidth'] == "medium" )
{
unset( $bandwidth_options['high'] );
}
# Limit available options to what are available in user
if ( $user && !empty($user['MaxBandwidth']) ) {
if ( $user['MaxBandwidth'] == 'low' ) {
unset($bandwidth_options['high']);
unset($bandwidth_options['medium']);
} else if ( $user['MaxBandwidth'] == 'medium' ) {
unset($bandwidth_options['high']);
}
}
$focusWindow = true;
xhtmlHeaders(__FILE__, translate('Bandwidth') );
xhtmlHeaders(__FILE__, translate('Bandwidth'));
?>
<body>
<div id="page">
@ -43,13 +40,14 @@ xhtmlHeaders(__FILE__, translate('Bandwidth') );
<h2><?php echo translate('Bandwidth') ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<input type="hidden" name="view" value="none"/>
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<input type="hidden" name="view" value="bandwidth"/>
<input type="hidden" name="action" value="bandwidth"/>
<p><?php echo translate('SetNewBandwidth') ?></p>
<p><?php echo buildSelect( "newBandwidth", $bandwidth_options ) ?></p>
<p><?php echo buildSelect('newBandwidth', $bandwidth_options) ?></p>
<div id="contentButtons">
<input type="submit" value="<?php echo translate('Save') ?>"/><input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
<button type="submit" value="Save"><?php echo translate('Save') ?></button>
<button type="button" data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
</div>
</form>
</div>

4
web/skins/classic/views/controlcaps.php
View File

@ -63,9 +63,9 @@ foreach( $controls as $control )
{
?>
<tr>
<td class="colName"><?php echo makePopupLink( '?view=controlcap&cid='.$control['Id'], 'zmControlCap', 'controlcap', $control['Name'], canView( 'Control' ) ) ?></td>
<td class="colName"><?php echo makePopupLink( '?view=controlcap&cid='.$control['Id'], 'zmControlCap', 'controlcap', validHtmlStr($control['Name']), canView( 'Control' ) ) ?></td>
<td class="colType"><?php echo $control['Type'] ?></td>
<td class="colProtocol"><?php echo $control['Protocol'] ?></td>
<td class="colProtocol"><?php echo validHtmlStr($control['Protocol']) ?></td>
<td class="colCanMove"><?php echo $control['CanMove']?translate('Yes'):translate('No') ?></td>
<td class="colCanZoom"><?php echo $control['CanZoom']?translate('Yes'):translate('No') ?></td>
<td class="colCanFocus"><?php echo $control['CanFocus']?translate('Yes'):translate('No') ?></td>

4
web/skins/classic/views/events.php
View File

@ -79,7 +79,9 @@ $pagination = getPagination($pages, $page, $maxShortcuts, $filterQuery.$sortQuer
$focusWindow = true;
if ( $_POST ) {
header('Location: ' . $_SERVER['REQUEST_URI'].htmlspecialchars_decode($filterQuery).htmlspecialchars_decode($sortQuery).$limitQuery.'&page='.$page);
// I think this is basically so that a refresh doesn't repost
Logger::Debug("Redirecting to " . $_SERVER['REQUEST_URI']);
header('Location: ?view=' . $view.htmlspecialchars_decode($filterQuery).htmlspecialchars_decode($sortQuery).$limitQuery.'&page='.$page);
exit();
}

12
web/skins/classic/views/filter.php
View File

@ -50,7 +50,7 @@ if ( isset($_REQUEST['sort_field']) && isset($_REQUEST['filter']) ) {
}
if ( isset($_REQUEST['filter']) ) {
$filter->set( $_REQUEST['filter'] );
$filter->set($_REQUEST['filter']);
# Update our filter object with whatever changes we have made before saving
}
@ -58,7 +58,7 @@ $conjunctionTypes = getFilterQueryConjunctionTypes();
$obracketTypes = array();
$cbracketTypes = array();
if (count($filter->terms()) > 0) {
if ( count($filter->terms()) > 0 ) {
$terms = $filter->terms();
} else {
$terms[] = array();
@ -177,9 +177,9 @@ if ( (null !== $filter->Concurrent()) and $filter->Concurrent() )
?>
</div>
</form>
<form name="contentForm" id="contentForm" method="post" class="validateFormOnSubmit">
<form name="contentForm" id="contentForm" method="post" class="validateFormOnSubmit" action="?view=filter">
<input type="hidden" name="Id" value="<?php echo $filter->Id() ?>"/>
<input type="hidden" name="action" value=""/>
<input type="hidden" name="action"/>
<input type="hidden" name="object" value="filter"/>
<hr/>
@ -393,7 +393,7 @@ if ( ZM_OPT_MESSAGE ) {
</p>
<p><label><?php echo translate('FilterMoveEvents') ?></label>
<input type="checkbox" name="filter[AutoMove]" value="1"<?php if ( $filter->AutoMove() ) { ?> checked="checked"<?php } ?> onclick="updateButtons(this);if(this.checked){$j(this.form.elements['filter[AutoMoveTo]']).css('display','inline');}else{this.form.elements['filter[AutoMoveTo]'].hide();};"/>
<?php echo htmlSelect( "filter[AutoMoveTo]", $storageareas, $filter->AutoMoveTo(), $filter->AutoMove() ? null : array('style'=>'display:none;' ) ); ?>
<?php echo htmlSelect('filter[AutoMoveTo]', $storageareas, $filter->AutoMoveTo(), $filter->AutoMove() ? null : array('style'=>'display:none;' )); ?>
</p>
<p>
<label for="background"><?php echo translate('BackgroundFilter') ?></label>
@ -408,7 +408,7 @@ if ( ZM_OPT_MESSAGE ) {
<div id="contentButtons">
<button type="submit" data-on-click-this="submitToEvents"><?php echo translate('ListMatches') ?></button>
<button type="button" data-on-click-this="submitToExport"><?php echo translate('ExportMatches') ?></button>
<button type="submit" name="executeButton" id="executeButton" data-on-click-this="executeFilter"><?php echo translate('Execute') ?></button>
<button type="button" name="executeButton" id="executeButton" data-on-click-this="executeFilter"><?php echo translate('Execute') ?></button>
<?php
if ( canEdit('Events') ) {
?>

24
web/skins/classic/views/js/filter.js
View File

@ -7,20 +7,21 @@ function validateForm( form ) {
obrCount += parseInt(form.elements['filter[Query][terms][' + i + '][obr]'].value);
cbrCount += parseInt(form.elements['filter[Query][terms][' + i + '][cbr]'].value);
}
if (form.elements['filter[Query][terms][' + i + '][val]'].value == '') {
alert( errorValue );
if ( form.elements['filter[Query][terms][' + i + '][val]'].value == '' ) {
alert(errorValue);
return false;
}
}
if (obrCount - cbrCount != 0) {
alert( errorBrackets );
if ( (obrCount - cbrCount) != 0 ) {
alert(errorBrackets);
return false;
}
var numbers_reg = /\D/;
if ( numbers_reg.test( form.elements['filter[Query][limit]'].value ) ) {
alert( "There appear to be non-numeric characters in your limit. Limit must be a positive integer value or empty." );
if ( numbers_reg.test(form.elements['filter[Query][limit]'].value) ) {
alert("There appear to be non-numeric characters in your limit. Limit must be a positive integer value or empty.");
return false;
}
console.log("Success validating");
return true;
}
@ -88,9 +89,10 @@ function submitToExport(element) {
function executeFilter( element ) {
var form = element.form;
form.action = thisUrl + '?view=events';
form.action = thisUrl + '?view=filter';
form.elements['action'].value = 'execute';
history.replaceState(null, null, '?view=filter&' + $j(form).serialize());
form.submit();
//history.replaceState(null, null, '?view=filter&' + $j(form).serialize());
}
function saveFilter( element ) {
@ -235,12 +237,12 @@ function stringFilter(term) {
function addTerm( element ) {
var row = $j(element).closest('tr');
row.find('select').chosen("destroy");
row.find('select').chosen('destroy');
var newRow = row.clone().insertAfter(row);
row.find('select').chosen({width: "101%"});
row.find('select').chosen({width: '101%'});
newRow.find('select').each( function() { //reset new row to default
this[0].selected = 'selected';
}).chosen({width: "101%"});
}).chosen({width: '101%'});
newRow.find('input[type="text"]').val('');
var rows = $j(row).parent().children();
parseRows(rows);

22
web/skins/classic/views/js/state.js
View File

@ -4,49 +4,47 @@ $j(document).ready(function() {
runstate = $j(this).val();
if ( (runstate == 'stop') || (runstate == 'restart') || (runstate == 'start') || (runstate == 'default') ) {
$j("#btnDelete").prop( "disabled", true );
$j("#btnDelete").prop("disabled", true);
} else {
$j("#btnDelete").prop( "disabled", false );
$j("#btnDelete").prop("disabled", false);
}
});
// Enable or disable the Save button when entering a new state
$j("#newState").keyup(function() {
length = $j(this).val().length;
console.log(length);
if (length < 1) {
$j("#btnSave").prop( "disabled", true );
if ( length < 1 ) {
$j("#btnSave").prop("disabled", true);
} else {
$j("#btnSave").prop( "disabled", false );
$j("#btnSave").prop("disabled", false);
}
});
// Delete a state
$j("#btnDelete").click(function() {
stateStuff( 'delete', $j("#runState").val( ));
stateStuff('delete', $j("#runState").val());
});
// Save a new state
$j("#btnSave").click(function() {
stateStuff( 'save', undefined, $j("#newState").val() );
stateStuff('save', undefined, $j("#newState").val());
});
// Change state
$j("#btnApply").click(function() {
stateStuff( 'state', $j("#runState").val() );
stateStuff('state', $j("#runState").val());
});
function stateStuff( action, runState, newState ) {
function stateStuff(action, runState, newState) {
var formData = {
'view': 'console',
'view': 'state',
'action': action,
'apply': 1,
'runState': runState,
'newState': newState
};
console.log(formData);
$j("#pleasewait").toggleClass("hidden");

6
web/skins/classic/views/js/zone.js
View File

@ -734,11 +734,13 @@ function Polygon_calcArea( coords ) {
var n_coords = coords.length;
var float_area = 0.0;
for ( i = 0, j = n_coords-1; i < n_coords; j = i++ ) {
var trap_area = ( ( coords[i].x - coords[j].x ) * ( coords[i].y + coords[j].y ) ) / 2;
for ( i = 0; i < n_coords-1; i++ ) {
var trap_area = (coords[i].x*coords[i+1].y - coords[i+1].x*coords[i].y) / 2;
float_area += trap_area;
//printf( "%.2f (%.2f)\n", float_area, trap_area );
}
float_area += (coords[n_coords-1].x*coords[0].y - coords[0].x*coords[n_coords-1].y) / 2;
return Math.round( Math.abs( float_area ) );
}

6
web/skins/classic/views/none.php
View File

@ -32,6 +32,12 @@ require_once($skinJsPhpFile);
?>
</script>
<script src="<?php echo cache_bust($skinJsFile) ?>"></script>
<script nonce="<?php echo $cspNonce ?>">
<?php
if ( !$debug )
echo 'closeWindow();';
?>
</script>
</head>
<body>
</body>

12
web/skins/classic/views/plugin.php
View File

@ -36,7 +36,8 @@ if ( $zid > 0 ) {
return;
}
$monitor = dbFetchMonitor ( $mid );
$plugin = $_REQUEST['pl'];
// Only allow certain filename characters (not including a period) to prevent directory traversal.
$plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']);
$plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin;
@ -103,7 +104,7 @@ function pLang($name)
<body>
<div id="page">
<div id="header">
<h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo $plugin ?></h2>
<h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo validHtmlStr($plugin) ?></h2>
</div>
<div id="content">
<form name="pluginForm" id="pluginForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
@ -111,7 +112,7 @@ function pLang($name)
<input type="hidden" name="action" value="plugin"/>
<input type="hidden" name="mid" value="<?php echo $mid ?>"/>
<input type="hidden" name="zid" value="<?php echo $zid ?>"/>
<input type="hidden" name="pl" value="<?php echo $plugin ?>"/>
<input type="hidden" name="pl" value="<?php echo validHtmlStr($plugin) ?>"/>
<div id="settingsPanel">
<table id="pluginSettings" cellspacing="0">
@ -143,8 +144,9 @@ foreach($pluginOptions as $name => $popt)
<?php
}
?>
</td>
</select>
</td>
<?php
break;
case "text":
@ -158,7 +160,7 @@ foreach($pluginOptions as $name => $popt)
?>
</tbody>
</table>
<input type="submit" id="submitBtn" name="submitBtn" value="<?php echo translate('Save') ?>" onclick="return saveChanges( this )"<?php if (!canEdit( 'Monitors' ) || (false && $selfIntersecting)) { ?> disabled="disabled"<?php } ?>/>
<input type="submit" id="submitBtn" name="submitBtn" value="<?php echo translate('Save') ?>" <?php if (!canEdit( 'Monitors' ) || (false && $selfIntersecting)) { ?> disabled="disabled"<?php } ?>/>
<input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
</div>
</form>

6
web/skins/classic/views/state.php
View File

@ -18,7 +18,7 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
if ( !canEdit( 'System' ) ) {
if ( !canEdit('System') ) {
$view = 'error';
return;
}
@ -32,7 +32,7 @@ if ( !canEdit( 'System' ) ) {
<h2 class="modal-title"><?php echo translate('RunState') ?></h2>
</div>
<div class="modal-body">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="view" value="state"/>
<input type="hidden" name="action" value="state"/>
<input type="hidden" name="apply" value="1"/>
@ -51,7 +51,7 @@ if ( $running ) {
<option value="start" selected="selected"><?php echo translate('Start') ?></option>
<?php
}
$states = dbFetchAll( 'SELECT * FROM States' );
$states = dbFetchAll('SELECT * FROM States');
foreach ( $states as $state ) {
?>
<option value="<?php echo $state['Name'] ?>"><?php echo $state['Name'] ?></option>

31
web/skins/classic/views/status.php
View File

@ -18,20 +18,19 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
if ( !canView( 'System' ) )
{
$view = "error";
return;
if ( !canView('System') ) {
$view = 'error';
return;
}
$zmuCommand = getZmuCommand( " --list" );
$result = exec( escapeshellcmd( $zmuCommand ), $output );
$zmuCommand = getZmuCommand(' --list');
$result = exec(escapeshellcmd($zmuCommand), $output);
$refresh = ZM_WEB_REFRESH_STATUS;
$url = '?view='.$view;
noCacheHeaders();
xhtmlHeaders(__FILE__, translate('Status') );
xhtmlHeaders(__FILE__, translate('Status'));
?>
<body>
<div id="page">
@ -39,20 +38,18 @@ xhtmlHeaders(__FILE__, translate('Status') );
<h2><?php echo translate('Status') ?></h2>
</div>
<div id="content">
<table id="contentTable" class="major" cellspacing="0">
<table id="contentTable" class="major">
<?php
if ( $row = array_shift( $output ) )
{
if ( $row = array_shift($output) ) {
?>
<thead>
<tr>
<?php
foreach ( preg_split( "/\s+/", $row ) as $col )
{
foreach ( preg_split('/\s+/', $row) as $col ) {
?>
<th><?php echo $col ?></th>
<?php
}
}
?>
</tr>
</thead>
@ -61,17 +58,15 @@ if ( $row = array_shift( $output ) )
?>
<tbody>
<?php
foreach ( $output as $row )
{
foreach ( $output as $row ) {
?>
<tr>
<?php
foreach ( preg_split( "/\s+/", $row ) as $col )
{
foreach ( preg_split('/\s+/', $row) as $col ) {
?>
<td><?php echo $col ?></td>
<?php
}
}
?>
</tr>
<?php

53
web/skins/classic/views/user.php
View File

@ -20,15 +20,14 @@
$selfEdit = ZM_USER_SELF_EDIT && $_REQUEST['uid'] == $user['Id'];
if ( !canEdit( 'System' ) && !$selfEdit )
{
$view = "error";
return;
if ( !canEdit('System') && !$selfEdit ) {
$view = 'error';
return;
}
if ( $_REQUEST['uid'] ) {
if ( !($newUser = dbFetchOne( 'SELECT * FROM Users WHERE Id = ?', NULL, ARRAY($_REQUEST['uid'])) ) ) {
$view = "error";
if ( !($newUser = dbFetchOne('SELECT * FROM Users WHERE Id = ?', NULL, ARRAY($_REQUEST['uid']))) ) {
$view = 'error';
return;
}
} else {
@ -38,29 +37,28 @@ if ( $_REQUEST['uid'] ) {
$newUser['MonitorIds'] = '';
}
$monitorIds = array_flip(explode( ',', $newUser['MonitorIds'] ));
$monitorIds = array_flip(explode(',', $newUser['MonitorIds']));
$yesno = array( 0=>translate('No'), 1=>translate('Yes') );
$nv = array( 'None'=>translate('None'), 'View'=>translate('View') );
$nve = array( 'None'=>translate('None'), 'View'=>translate('View'), 'Edit'=>translate('Edit') );
$bandwidths = array_merge( array( ""=>"" ), $bandwidth_options );
$langs = array_merge( array( ""=>"" ), getLanguages() );
$bandwidths = array_merge( array( ''=>'' ), $bandwidth_options );
$langs = array_merge( array( ''=>'' ), getLanguages() );
$sql = "select Id,Name from Monitors order by Sequence asc";
$sql = 'SELECT Id,Name FROM Monitors ORDER BY Sequence ASC';
$monitors = array();
foreach( dbFetchAll( $sql ) as $monitor )
{
$monitors[] = $monitor;
foreach( dbFetchAll($sql) as $monitor ) {
$monitors[] = $monitor;
}
$focusWindow = true;
xhtmlHeaders(__FILE__, translate('User')." - ".$newUser['Username'] );
xhtmlHeaders(__FILE__, translate('User').' - '.$newUser['Username']);
?>
<body>
<div id="page">
<div id="header">
<h2><?php echo translate('User')." - ".$newUser['Username'] ?></h2>
<h2><?php echo translate('User').' - '.$newUser['Username'] ?></h2>
</div>
<div id="content">
<form name="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" onsubmit="return validateForm( this, <?php echo empty($newUser['Password'])?'true':'false' ?> )">
@ -68,11 +66,10 @@ xhtmlHeaders(__FILE__, translate('User')." - ".$newUser['Username'] );
<input type="hidden" name="action" value="user"/>
<input type="hidden" name="uid" value="<?php echo validHtmlStr($_REQUEST['uid']) ?>"/>
<input type="hidden" name="newUser[MonitorIds]" value="<?php echo $newUser['MonitorIds'] ?>"/>
<table id="contentTable" class="major" cellspacing="0">
<table id="contentTable" class="major">
<tbody>
<?php
if ( canEdit( 'System' ) )
{
if ( canEdit('System') ) {
?>
<tr>
<th scope="row"><?php echo translate('Username') ?></th>
@ -83,19 +80,18 @@ if ( canEdit( 'System' ) )
?>
<tr>
<th scope="row"><?php echo translate('NewPassword') ?></th>
<td><input type="password" name="newUser[Password]" value=""/></td>
<td><input type="password" name="newUser[Password]"/></td>
</tr>
<tr>
<th scope="row"><?php echo translate('ConfirmPassword') ?></th>
<td><input type="password" name="conf_password" value=""/></td>
<td><input type="password" name="conf_password"/></td>
</tr>
<tr>
<th scope="row"><?php echo translate('Language') ?></th>
<td><?php echo buildSelect( "newUser[Language]", $langs ) ?></td>
</tr>
<?php
if ( canEdit( 'System' ) )
{
if ( canEdit('System') ) {
?>
<tr>
<th scope="row"><?php echo translate('Enabled') ?></th>
@ -134,14 +130,12 @@ if ( canEdit( 'System' ) )
<td>
<select name="monitorIds" size="4" multiple="multiple">
<?php
foreach ( $monitors as $monitor )
{
if ( visibleMonitor( $monitor['Id'] ) )
{
foreach ( $monitors as $monitor ) {
if ( visibleMonitor($monitor['Id']) ) {
?>
<option value="<?php echo $monitor['Id'] ?>"<?php if ( array_key_exists( $monitor['Id'], $monitorIds ) ) { ?> selected="selected"<?php } ?>><?php echo htmlentities($monitor['Name']) ?></option>
<option value="<?php echo $monitor['Id'] ?>"<?php if ( array_key_exists($monitor['Id'], $monitorIds) ) { ?> selected="selected"<?php } ?>><?php echo htmlentities($monitor['Name']) ?></option>
<?php
}
}
}
?>
</select>
@ -153,7 +147,8 @@ if ( canEdit( 'System' ) )
</tbody>
</table>
<div id="contentButtons">
<input type="submit" value="<?php echo translate('Save') ?>"/><input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
<button type="submit" value="Save"><?php echo translate('Save') ?></button>
<button type="button" data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
</div>
</form>
</div>

4
web/skins/classic/views/watch.php
View File

@ -145,10 +145,10 @@ if ( $showPtzControls ) {
</div>
<?php
}
if ( canView( 'Events' ) && $monitor->Type() != 'WebSite' ) {
if ( canView('Events') && ($monitor->Type() != 'WebSite') ) {
?>
<div id="events">
<table id="eventList" cellspacing="0">
<table id="eventList">
<thead>
<tr>
<th class="colId"><?php echo translate('Id') ?></th>

4
web/skins/classic/views/zones.php
View File

@ -74,8 +74,8 @@ xhtmlHeaders(__FILE__, translate('Zones') );
foreach( $zones as $zone ) {
?>
<tr>
<td class="colName"><?php echo makePopupLink('?view=zone&mid=' . $mid . '&zid=' . $zone['Id'], 'zmZone', array('zone', $monitor->Width(), $monitor->Height()), $zone['Name'], true, 'onclick="streamCmdQuit( true ); return( false );"'); ?></td>
<td class="colType"><?php echo $zone['Type'] ?></td>
<td class="colName"><?php echo makePopupLink('?view=zone&mid=' . $mid . '&zid=' . $zone['Id'], 'zmZone', array('zone', $monitor->Width(), $monitor->Height()), validHtmlStr($zone['Name']), true, 'onclick="streamCmdQuit( true ); return( false );"'); ?></td>
<td class="colType"><?php echo validHtmlStr($zone['Type']) ?></td>
<td class="colUnits"><?php echo $zone['Area'] ?>&nbsp;/&nbsp;<?php echo sprintf( "%.2f", ($zone['Area']*100)/($monitor->Width()*$monitor->Height()) ) ?></td>
<td class="colMark"><input type="checkbox" name="markZids[]" value="<?php echo $zone['Id'] ?>" data-on-click-this="configureDeleteButton"<?php if ( !canEdit( 'Monitors' ) ) { ?> disabled="disabled"<?php } ?>/></td>
</tr>