diff --git a/src/zm_user.cpp b/src/zm_user.cpp index ab0aa2953..6dbfb56fa 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp @@ -89,18 +89,21 @@ bool User::canAccess( int monitor_id ) { // Please note that in auth relay mode = none, password is NULL User *zmLoadUser( const char *username, const char *password ) { char sql[ZM_SQL_MED_BUFSIZ] = ""; - char safer_username[65]; // current db username size is 32 + int username_length = strlen(username); + char *safer_username = new char[(username_length * 2) + 1]; // According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator. - mysql_real_escape_string(&dbconn, safer_username, username, strlen( username ) ); + mysql_real_escape_string(&dbconn, safer_username, username, username_length ); if ( password ) { - char safer_password[129]; // current db password size is 64 - mysql_real_escape_string(&dbconn, safer_password, password, strlen( password ) ); + int password_length = strlen(password); + char *safer_password = new char[(password_length * 2) + 1]; + mysql_real_escape_string(&dbconn, safer_password, password, password_length); snprintf(sql, sizeof(sql), "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" " FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1", safer_username, safer_password ); + delete safer_password; } else { snprintf(sql, sizeof(sql), "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" @@ -131,6 +134,7 @@ User *zmLoadUser( const char *username, const char *password ) { Info("Authenticated user '%s'", user->getUsername()); mysql_free_result(result); + delete safer_username; return user; } diff --git a/web/ajax/status.php b/web/ajax/status.php index 5d8b90aa6..7692b2e67 100644 --- a/web/ajax/status.php +++ b/web/ajax/status.php @@ -270,14 +270,32 @@ function collectData() { } $index++; } - $sql .= ' where '.join( ' and ', $where ); + $sql .= ' WHERE '.join( ' AND ', $where ); } if ( $groupSql ) $sql .= ' GROUP BY '.join( ',', array_unique( $groupSql ) ); if ( !empty($_REQUEST['sort']) ) { - $sql .= ' order by :sort'; - $values[':sort'] = $_REQUEST['sort']; - } + $sql .= ' ORDER BY '; + $sort_fields = explode(',',$_REQUEST['sort']); + foreach ( $sort_fields as $sort_field ) { + + preg_match('/^(\w+)\s*(ASC|DESC)?( NULLS FIRST)?$/i', $sort_field, $matches); + if ( count($matches) ) { + if ( in_array($matches[1], $fieldSql) ) { + $sql .= $matches[1]; + } else { + Error('Sort field ' . $matches[1] . ' not in SQL Fields'); + } + if ( count($matches) > 2 ) { + $sql .= ' '.strtoupper($matches[2]); + if ( count($matches) > 3 ) + $sql .= ' '.strtoupper($matches[3]); + } + } else { + Error("Sort field didn't match regexp $sort_field"); + } + } # end foreach sort field + } # end if has sort if ( !empty($entitySpec['limit']) ) $limit = $entitySpec['limit']; elseif ( !empty($_REQUEST['count']) ) diff --git a/web/includes/actions/bandwidth.php b/web/includes/actions/bandwidth.php index 8a9056cd2..c5fafa1c9 100644 --- a/web/includes/actions/bandwidth.php +++ b/web/includes/actions/bandwidth.php @@ -23,5 +23,7 @@ if ( $action == 'bandwidth' && isset($_REQUEST['newBandwidth']) ) { $_COOKIE['zmBandwidth'] = validStr($_REQUEST['newBandwidth']); setcookie('zmBandwidth', validStr($_REQUEST['newBandwidth']), time()+3600*24*30*12*10); $refreshParent = true; + $view = 'none'; + $closePopup = true; } ?> diff --git a/web/includes/actions/filter.php b/web/includes/actions/filter.php index 4067bdf9c..782d93885 100644 --- a/web/includes/actions/filter.php +++ b/web/includes/actions/filter.php @@ -19,63 +19,64 @@ // // Event scope actions, view permissions only required -if ( canView('Events') ) { +if ( !canView('Events') ) { + Warning('You do not have permission to view Events.'); + return; +} - if ( isset($_REQUEST['object']) and ( $_REQUEST['object'] == 'filter' ) ) { - if ( $action == 'addterm' ) { - $_REQUEST['filter'] = addFilterTerm($_REQUEST['filter'], $_REQUEST['line']); - } elseif ( $action == 'delterm' ) { - $_REQUEST['filter'] = delFilterTerm($_REQUEST['filter'], $_REQUEST['line']); - } else if ( canEdit('Events') ) { - if ( $action == 'delete' ) { - if ( ! empty($_REQUEST['Id']) ) { - dbQuery('DELETE FROM Filters WHERE Id=?', array($_REQUEST['Id'])); - } - } else if ( ( $action == 'Save' ) or ( $action == 'SaveAs' ) or ( $action == 'execute' ) ) { - # or ( $action == 'submit' ) ) { +if ( isset($_REQUEST['object']) and ( $_REQUEST['object'] == 'filter' ) ) { + if ( $action == 'addterm' ) { + $_REQUEST['filter'] = addFilterTerm($_REQUEST['filter'], $_REQUEST['line']); + } elseif ( $action == 'delterm' ) { + $_REQUEST['filter'] = delFilterTerm($_REQUEST['filter'], $_REQUEST['line']); + } else if ( canEdit('Events') ) { + if ( $action == 'delete' ) { + if ( !empty($_REQUEST['Id']) ) { + dbQuery('DELETE FROM Filters WHERE Id=?', array($_REQUEST['Id'])); + } + } else if ( ( $action == 'Save' ) or ( $action == 'SaveAs' ) or ( $action == 'execute' ) ) { - $sql = ''; - $_REQUEST['filter']['Query']['sort_field'] = validStr($_REQUEST['filter']['Query']['sort_field']); - $_REQUEST['filter']['Query']['sort_asc'] = validStr($_REQUEST['filter']['Query']['sort_asc']); - $_REQUEST['filter']['Query']['limit'] = validInt($_REQUEST['filter']['Query']['limit']); - if ( $action == 'execute' ) { - $tempFilterName = '_TempFilter'.time(); - $sql .= ' Name = \''.$tempFilterName.'\''; - } else { - $sql .= ' Name = '.dbEscape($_REQUEST['filter']['Name']); - } - $sql .= ', Query = '.dbEscape(jsonEncode($_REQUEST['filter']['Query'])); - $sql .= ', AutoArchive = '.(!empty($_REQUEST['filter']['AutoArchive']) ? 1 : 0); - $sql .= ', AutoVideo = '. ( !empty($_REQUEST['filter']['AutoVideo']) ? 1 : 0); - $sql .= ', AutoUpload = '. ( !empty($_REQUEST['filter']['AutoUpload']) ? 1 : 0); - $sql .= ', AutoEmail = '. ( !empty($_REQUEST['filter']['AutoEmail']) ? 1 : 0); - $sql .= ', AutoMessage = '. ( !empty($_REQUEST['filter']['AutoMessage']) ? 1 : 0); - $sql .= ', AutoExecute = '. ( !empty($_REQUEST['filter']['AutoExecute']) ? 1 : 0); - $sql .= ', AutoExecuteCmd = '.dbEscape($_REQUEST['filter']['AutoExecuteCmd']); - $sql .= ', AutoDelete = '. ( !empty($_REQUEST['filter']['AutoDelete']) ? 1 : 0); - if ( !empty($_REQUEST['filter']['AutoMove']) ? 1 : 0) { - $sql .= ', AutoMove = 1, AutoMoveTo='. validInt($_REQUEST['filter']['AutoMoveTo']); - } else { - $sql .= ', AutoMove = 0'; - } - $sql .= ', UpdateDiskSpace = '. ( !empty($_REQUEST['filter']['UpdateDiskSpace']) ? 1 : 0); - $sql .= ', Background = '. ( !empty($_REQUEST['filter']['Background']) ? 1 : 0); - $sql .= ', Concurrent = '. ( !empty($_REQUEST['filter']['Concurrent']) ? 1 : 0); + $sql = ''; + $_REQUEST['filter']['Query']['sort_field'] = validStr($_REQUEST['filter']['Query']['sort_field']); + $_REQUEST['filter']['Query']['sort_asc'] = validStr($_REQUEST['filter']['Query']['sort_asc']); + $_REQUEST['filter']['Query']['limit'] = validInt($_REQUEST['filter']['Query']['limit']); + if ( $action == 'execute' ) { + $tempFilterName = '_TempFilter'.time(); + $sql .= ' Name = \''.$tempFilterName.'\''; + } else { + $sql .= ' Name = '.dbEscape($_REQUEST['filter']['Name']); + } + $sql .= ', Query = '.dbEscape(jsonEncode($_REQUEST['filter']['Query'])); + $sql .= ', AutoArchive = '.(!empty($_REQUEST['filter']['AutoArchive']) ? 1 : 0); + $sql .= ', AutoVideo = '. ( !empty($_REQUEST['filter']['AutoVideo']) ? 1 : 0); + $sql .= ', AutoUpload = '. ( !empty($_REQUEST['filter']['AutoUpload']) ? 1 : 0); + $sql .= ', AutoEmail = '. ( !empty($_REQUEST['filter']['AutoEmail']) ? 1 : 0); + $sql .= ', AutoMessage = '. ( !empty($_REQUEST['filter']['AutoMessage']) ? 1 : 0); + $sql .= ', AutoExecute = '. ( !empty($_REQUEST['filter']['AutoExecute']) ? 1 : 0); + $sql .= ', AutoExecuteCmd = '.dbEscape($_REQUEST['filter']['AutoExecuteCmd']); + $sql .= ', AutoDelete = '. ( !empty($_REQUEST['filter']['AutoDelete']) ? 1 : 0); + if ( !empty($_REQUEST['filter']['AutoMove']) ? 1 : 0) { + $sql .= ', AutoMove = 1, AutoMoveTo='. validInt($_REQUEST['filter']['AutoMoveTo']); + } else { + $sql .= ', AutoMove = 0'; + } + $sql .= ', UpdateDiskSpace = '. ( !empty($_REQUEST['filter']['UpdateDiskSpace']) ? 1 : 0); + $sql .= ', Background = '. ( !empty($_REQUEST['filter']['Background']) ? 1 : 0); + $sql .= ', Concurrent = '. ( !empty($_REQUEST['filter']['Concurrent']) ? 1 : 0); - if ( $_REQUEST['Id'] and ( $action == 'Save' ) ) { - dbQuery('UPDATE Filters SET ' . $sql. ' WHERE Id=?', array($_REQUEST['Id'])); - } else { - dbQuery('INSERT INTO Filters SET' . $sql); - $_REQUEST['Id'] = dbInsertId(); - } - if ( $action == 'execute' ) { - executeFilter( $tempFilterName ); - } + if ( $_REQUEST['Id'] and ( $action == 'Save' ) ) { + dbQuery('UPDATE Filters SET '.$sql.' WHERE Id=?', array($_REQUEST['Id'])); + } else { + dbQuery('INSERT INTO Filters SET'.$sql); + $_REQUEST['Id'] = dbInsertId(); + } + if ( $action == 'execute' ) { + executeFilter($_REQUEST['Id']); + $view = 'events'; + } - } // end if save or execute - } // end if canEdit(Events) - return; - } // end if object == filter -} // end canView(Events) + } // end if save or execute + } // end if canEdit(Events) +} // end if object == filter ?> diff --git a/web/includes/actions/state.php b/web/includes/actions/state.php index 70666145e..6b9cbd7cf 100644 --- a/web/includes/actions/state.php +++ b/web/includes/actions/state.php @@ -20,7 +20,7 @@ // System edit actions if ( !canEdit('System') ) { - Warning("Need System Permission to edit states"); + Warning('Need System Permission to edit states'); return; } if ( $action == 'state' ) { diff --git a/web/includes/functions.php b/web/includes/functions.php index 0363a570e..8b490bbde 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -51,11 +51,20 @@ function CSPHeaders($view, $nonce) { case 'blank': case 'console': case 'controlcap': + case 'cycle': + case 'donate': + case 'error': case 'function': case 'log': case 'logout': + case 'optionhelp': case 'options': + case 'plugin': + case 'postlogin': case 'privacy': + case 'server': + case 'state': + case 'status': case 'storage': case 'version': { // Enforce script-src on pages where inline scripts and event handlers have been fixed. @@ -441,6 +450,9 @@ function makeLink( $url, $label, $condition=1, $options='' ) { return( $string ); } +/** + * $label must be already escaped. It can't be done here since it sometimes contains HTML tags. + */ function makePopupLink( $url, $winName, $winSize, $label, $condition=1, $options='' ) { // Avoid double-encoding since some consumers incorrectly pass a pre-escaped URL. $string = ' diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php index c5c98c8e6..703cd49d3 100644 --- a/web/skins/classic/includes/functions.php +++ b/web/skins/classic/includes/functions.php @@ -131,7 +131,7 @@ echo output_link_if_exists( array( var $j = jQuery.noConflict(); // $j is now an alias to the jQuery function; creating the new alias is optional. - + diff --git a/web/skins/classic/js/base.js b/web/skins/classic/js/base.js index b77b350ef..41bec4ed9 100644 --- a/web/skins/classic/js/base.js +++ b/web/skins/classic/js/base.js @@ -64,7 +64,7 @@ var popupSizes = { 'stats': {'width': 840, 'height': 200}, 'storage': {'width': 600, 'height': 405}, 'timeline': {'width': 760, 'height': 540}, - 'user': {'width': 360, 'height': 720}, + 'user': {'width': 460, 'height': 720}, 'version': {'width': 360, 'height': 185}, 'video': {'width': 420, 'height': 360}, 'videoview': {'addWidth': 48, 'addHeight': 80}, diff --git a/web/skins/classic/views/bandwidth.php b/web/skins/classic/views/bandwidth.php index ca8d1c6ce..2d4fbc5bf 100644 --- a/web/skins/classic/views/bandwidth.php +++ b/web/skins/classic/views/bandwidth.php @@ -20,22 +20,19 @@ $newBandwidth = $_COOKIE['zmBandwidth']; -if ( $user && !empty($user['MaxBandwidth']) ) -{ - if ( $user['MaxBandwidth'] == "low" ) - { - unset( $bandwidth_options['high'] ); - unset( $bandwidth_options['medium'] ); - } - elseif ( $user['MaxBandwidth'] == "medium" ) - { - unset( $bandwidth_options['high'] ); - } +# Limit available options to what are available in user +if ( $user && !empty($user['MaxBandwidth']) ) { + if ( $user['MaxBandwidth'] == 'low' ) { + unset($bandwidth_options['high']); + unset($bandwidth_options['medium']); + } else if ( $user['MaxBandwidth'] == 'medium' ) { + unset($bandwidth_options['high']); + } } $focusWindow = true; -xhtmlHeaders(__FILE__, translate('Bandwidth') ); +xhtmlHeaders(__FILE__, translate('Bandwidth')); ?>
@@ -43,13 +40,14 @@ xhtmlHeaders(__FILE__, translate('Bandwidth') );

-
- + +

-

+

- + +
diff --git a/web/skins/classic/views/controlcaps.php b/web/skins/classic/views/controlcaps.php index b5d3a587c..6ba3065dc 100644 --- a/web/skins/classic/views/controlcaps.php +++ b/web/skins/classic/views/controlcaps.php @@ -63,9 +63,9 @@ foreach( $controls as $control ) { ?> - + - + diff --git a/web/skins/classic/views/events.php b/web/skins/classic/views/events.php index b752655fd..b10a20370 100644 --- a/web/skins/classic/views/events.php +++ b/web/skins/classic/views/events.php @@ -79,7 +79,9 @@ $pagination = getPagination($pages, $page, $maxShortcuts, $filterQuery.$sortQuer $focusWindow = true; if ( $_POST ) { - header('Location: ' . $_SERVER['REQUEST_URI'].htmlspecialchars_decode($filterQuery).htmlspecialchars_decode($sortQuery).$limitQuery.'&page='.$page); + // I think this is basically so that a refresh doesn't repost + Logger::Debug("Redirecting to " . $_SERVER['REQUEST_URI']); + header('Location: ?view=' . $view.htmlspecialchars_decode($filterQuery).htmlspecialchars_decode($sortQuery).$limitQuery.'&page='.$page); exit(); } diff --git a/web/skins/classic/views/filter.php b/web/skins/classic/views/filter.php index 607802f8b..b7d9bec22 100644 --- a/web/skins/classic/views/filter.php +++ b/web/skins/classic/views/filter.php @@ -50,7 +50,7 @@ if ( isset($_REQUEST['sort_field']) && isset($_REQUEST['filter']) ) { } if ( isset($_REQUEST['filter']) ) { - $filter->set( $_REQUEST['filter'] ); + $filter->set($_REQUEST['filter']); # Update our filter object with whatever changes we have made before saving } @@ -58,7 +58,7 @@ $conjunctionTypes = getFilterQueryConjunctionTypes(); $obracketTypes = array(); $cbracketTypes = array(); -if (count($filter->terms()) > 0) { +if ( count($filter->terms()) > 0 ) { $terms = $filter->terms(); } else { $terms[] = array(); @@ -177,9 +177,9 @@ if ( (null !== $filter->Concurrent()) and $filter->Concurrent() ) ?> -
+ - +
@@ -393,7 +393,7 @@ if ( ZM_OPT_MESSAGE ) {

AutoMove() ) { ?> checked="checked" onclick="updateButtons(this);if(this.checked){$j(this.form.elements['filter[AutoMoveTo]']).css('display','inline');}else{this.form.elements['filter[AutoMoveTo]'].hide();};"/> - AutoMoveTo(), $filter->AutoMove() ? null : array('style'=>'display:none;' ) ); ?> + AutoMoveTo(), $filter->AutoMove() ? null : array('style'=>'display:none;' )); ?>

@@ -408,7 +408,7 @@ if ( ZM_OPT_MESSAGE ) {

- + diff --git a/web/skins/classic/views/js/filter.js b/web/skins/classic/views/js/filter.js index a703ad493..867386a22 100644 --- a/web/skins/classic/views/js/filter.js +++ b/web/skins/classic/views/js/filter.js @@ -7,20 +7,21 @@ function validateForm( form ) { obrCount += parseInt(form.elements['filter[Query][terms][' + i + '][obr]'].value); cbrCount += parseInt(form.elements['filter[Query][terms][' + i + '][cbr]'].value); } - if (form.elements['filter[Query][terms][' + i + '][val]'].value == '') { - alert( errorValue ); + if ( form.elements['filter[Query][terms][' + i + '][val]'].value == '' ) { + alert(errorValue); return false; } } - if (obrCount - cbrCount != 0) { - alert( errorBrackets ); + if ( (obrCount - cbrCount) != 0 ) { + alert(errorBrackets); return false; } var numbers_reg = /\D/; - if ( numbers_reg.test( form.elements['filter[Query][limit]'].value ) ) { - alert( "There appear to be non-numeric characters in your limit. Limit must be a positive integer value or empty." ); + if ( numbers_reg.test(form.elements['filter[Query][limit]'].value) ) { + alert("There appear to be non-numeric characters in your limit. Limit must be a positive integer value or empty."); return false; } + console.log("Success validating"); return true; } @@ -88,9 +89,10 @@ function submitToExport(element) { function executeFilter( element ) { var form = element.form; - form.action = thisUrl + '?view=events'; + form.action = thisUrl + '?view=filter'; form.elements['action'].value = 'execute'; - history.replaceState(null, null, '?view=filter&' + $j(form).serialize()); + form.submit(); + //history.replaceState(null, null, '?view=filter&' + $j(form).serialize()); } function saveFilter( element ) { @@ -235,12 +237,12 @@ function stringFilter(term) { function addTerm( element ) { var row = $j(element).closest('tr'); - row.find('select').chosen("destroy"); + row.find('select').chosen('destroy'); var newRow = row.clone().insertAfter(row); - row.find('select').chosen({width: "101%"}); + row.find('select').chosen({width: '101%'}); newRow.find('select').each( function() { //reset new row to default this[0].selected = 'selected'; - }).chosen({width: "101%"}); + }).chosen({width: '101%'}); newRow.find('input[type="text"]').val(''); var rows = $j(row).parent().children(); parseRows(rows); diff --git a/web/skins/classic/views/js/state.js b/web/skins/classic/views/js/state.js index dd208a1c8..583e4f5cb 100644 --- a/web/skins/classic/views/js/state.js +++ b/web/skins/classic/views/js/state.js @@ -4,49 +4,47 @@ $j(document).ready(function() { runstate = $j(this).val(); if ( (runstate == 'stop') || (runstate == 'restart') || (runstate == 'start') || (runstate == 'default') ) { - $j("#btnDelete").prop( "disabled", true ); + $j("#btnDelete").prop("disabled", true); } else { - $j("#btnDelete").prop( "disabled", false ); + $j("#btnDelete").prop("disabled", false); } }); // Enable or disable the Save button when entering a new state $j("#newState").keyup(function() { length = $j(this).val().length; - console.log(length); - if (length < 1) { - $j("#btnSave").prop( "disabled", true ); + if ( length < 1 ) { + $j("#btnSave").prop("disabled", true); } else { - $j("#btnSave").prop( "disabled", false ); + $j("#btnSave").prop("disabled", false); } }); // Delete a state $j("#btnDelete").click(function() { - stateStuff( 'delete', $j("#runState").val( )); + stateStuff('delete', $j("#runState").val()); }); // Save a new state $j("#btnSave").click(function() { - stateStuff( 'save', undefined, $j("#newState").val() ); + stateStuff('save', undefined, $j("#newState").val()); }); // Change state $j("#btnApply").click(function() { - stateStuff( 'state', $j("#runState").val() ); + stateStuff('state', $j("#runState").val()); }); - function stateStuff( action, runState, newState ) { + function stateStuff(action, runState, newState) { var formData = { - 'view': 'console', + 'view': 'state', 'action': action, 'apply': 1, 'runState': runState, 'newState': newState }; - console.log(formData); $j("#pleasewait").toggleClass("hidden"); diff --git a/web/skins/classic/views/js/zone.js b/web/skins/classic/views/js/zone.js index 654e48cd9..b1787359f 100644 --- a/web/skins/classic/views/js/zone.js +++ b/web/skins/classic/views/js/zone.js @@ -734,11 +734,13 @@ function Polygon_calcArea( coords ) { var n_coords = coords.length; var float_area = 0.0; - for ( i = 0, j = n_coords-1; i < n_coords; j = i++ ) { - var trap_area = ( ( coords[i].x - coords[j].x ) * ( coords[i].y + coords[j].y ) ) / 2; + for ( i = 0; i < n_coords-1; i++ ) { + var trap_area = (coords[i].x*coords[i+1].y - coords[i+1].x*coords[i].y) / 2; float_area += trap_area; //printf( "%.2f (%.2f)\n", float_area, trap_area ); } + float_area += (coords[n_coords-1].x*coords[0].y - coords[0].x*coords[n_coords-1].y) / 2; + return Math.round( Math.abs( float_area ) ); } diff --git a/web/skins/classic/views/none.php b/web/skins/classic/views/none.php index e52105331..da04ed19b 100644 --- a/web/skins/classic/views/none.php +++ b/web/skins/classic/views/none.php @@ -32,6 +32,12 @@ require_once($skinJsPhpFile); ?> + diff --git a/web/skins/classic/views/plugin.php b/web/skins/classic/views/plugin.php index 7b4cf85ca..4f3b4ccf2 100644 --- a/web/skins/classic/views/plugin.php +++ b/web/skins/classic/views/plugin.php @@ -36,7 +36,8 @@ if ( $zid > 0 ) { return; } $monitor = dbFetchMonitor ( $mid ); -$plugin = $_REQUEST['pl']; +// Only allow certain filename characters (not including a period) to prevent directory traversal. +$plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']); $plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin; @@ -103,7 +104,7 @@ function pLang($name)
@@ -111,7 +112,7 @@ function pLang($name) - +
@@ -143,8 +144,9 @@ foreach($pluginOptions as $name => $popt) - + + $popt) ?>
- disabled="disabled"/> + disabled="disabled"/>
diff --git a/web/skins/classic/views/state.php b/web/skins/classic/views/state.php index 34a92c3df..e2e1e4b0b 100644 --- a/web/skins/classic/views/state.php +++ b/web/skins/classic/views/state.php @@ -18,7 +18,7 @@ // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // -if ( !canEdit( 'System' ) ) { +if ( !canEdit('System') ) { $view = 'error'; return; } @@ -32,7 +32,7 @@ if ( !canEdit( 'System' ) ) {

- + @@ -51,7 +51,7 @@ if ( $running ) { diff --git a/web/skins/classic/views/status.php b/web/skins/classic/views/status.php index ae5a7f632..cb4d3016a 100644 --- a/web/skins/classic/views/status.php +++ b/web/skins/classic/views/status.php @@ -18,20 +18,19 @@ // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // -if ( !canView( 'System' ) ) -{ - $view = "error"; - return; +if ( !canView('System') ) { + $view = 'error'; + return; } -$zmuCommand = getZmuCommand( " --list" ); -$result = exec( escapeshellcmd( $zmuCommand ), $output ); +$zmuCommand = getZmuCommand(' --list'); +$result = exec(escapeshellcmd($zmuCommand), $output); $refresh = ZM_WEB_REFRESH_STATUS; $url = '?view='.$view; noCacheHeaders(); -xhtmlHeaders(__FILE__, translate('Status') ); +xhtmlHeaders(__FILE__, translate('Status')); ?>
@@ -39,20 +38,18 @@ xhtmlHeaders(__FILE__, translate('Status') );

- +
@@ -61,17 +58,15 @@ if ( $row = array_shift( $output ) ) ?> translate('No'), 1=>translate('Yes') ); $nv = array( 'None'=>translate('None'), 'View'=>translate('View') ); $nve = array( 'None'=>translate('None'), 'View'=>translate('View'), 'Edit'=>translate('Edit') ); -$bandwidths = array_merge( array( ""=>"" ), $bandwidth_options ); -$langs = array_merge( array( ""=>"" ), getLanguages() ); +$bandwidths = array_merge( array( ''=>'' ), $bandwidth_options ); +$langs = array_merge( array( ''=>'' ), getLanguages() ); -$sql = "select Id,Name from Monitors order by Sequence asc"; +$sql = 'SELECT Id,Name FROM Monitors ORDER BY Sequence ASC'; $monitors = array(); -foreach( dbFetchAll( $sql ) as $monitor ) -{ - $monitors[] = $monitor; +foreach( dbFetchAll($sql) as $monitor ) { + $monitors[] = $monitor; } $focusWindow = true; -xhtmlHeaders(__FILE__, translate('User')." - ".$newUser['Username'] ); +xhtmlHeaders(__FILE__, translate('User').' - '.$newUser['Username']); ?>
@@ -68,11 +66,10 @@ xhtmlHeaders(__FILE__, translate('User')." - ".$newUser['Username'] ); -
+
@@ -83,19 +80,18 @@ if ( canEdit( 'System' ) ) ?> - + - + @@ -134,14 +130,12 @@ if ( canEdit( 'System' ) )
@@ -153,7 +147,8 @@ if ( canEdit( 'System' ) )
- + +
diff --git a/web/skins/classic/views/watch.php b/web/skins/classic/views/watch.php index 225fb83fe..085562512 100644 --- a/web/skins/classic/views/watch.php +++ b/web/skins/classic/views/watch.php @@ -145,10 +145,10 @@ if ( $showPtzControls ) {
Type() != 'WebSite' ) { +if ( canView('Events') && ($monitor->Type() != 'WebSite') ) { ?>
- +
diff --git a/web/skins/classic/views/zones.php b/web/skins/classic/views/zones.php index 5446676b4..c66ffd000 100644 --- a/web/skins/classic/views/zones.php +++ b/web/skins/classic/views/zones.php @@ -74,8 +74,8 @@ xhtmlHeaders(__FILE__, translate('Zones') ); foreach( $zones as $zone ) { ?> - - + +
Width(), $monitor->Height()), $zone['Name'], true, 'onclick="streamCmdQuit( true ); return( false );"'); ?>Width(), $monitor->Height()), validHtmlStr($zone['Name']), true, 'onclick="streamCmdQuit( true ); return( false );"'); ?>  / Width()*$monitor->Height()) ) ?> disabled="disabled"/>