From 124be4eee6e84103fc9b6f3b939eb7c386aee802 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 23 Jan 2019 10:18:57 -0500 Subject: [PATCH 01/17] Put back code to close the popup when view is none --- web/skins/classic/views/none.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/web/skins/classic/views/none.php b/web/skins/classic/views/none.php index e52105331..da04ed19b 100644 --- a/web/skins/classic/views/none.php +++ b/web/skins/classic/views/none.php @@ -32,6 +32,12 @@ require_once($skinJsPhpFile); ?> + From 4da95369f99387f34de432692e9e43cf53776de2 Mon Sep 17 00:00:00 2001 From: montagdude Date: Wed, 23 Jan 2019 10:35:18 -0500 Subject: [PATCH 02/17] Fix zone area calculation (#2437) Previous method resulted in bogus zone areas (in the range of 1000s of % of frame area) when entering points with the keyboard, even after applying commit 4937a68650aeafaff78559f27818616ecd4dfbce. This change implements the method here: http://mathworld.wolfram.com/PolygonArea.html It has been tested on ZoneMinder 1.32.3 and works correctly when either entering coordinates with the keyboard or dragging points with the mouse. --- web/skins/classic/views/js/zone.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/web/skins/classic/views/js/zone.js b/web/skins/classic/views/js/zone.js index b8e486199..cb9a83386 100644 --- a/web/skins/classic/views/js/zone.js +++ b/web/skins/classic/views/js/zone.js 
@@ -725,11 +725,13 @@ function Polygon_calcArea( coords ) { var n_coords = coords.length; var float_area = 0.0; - for ( i = 0, j = n_coords-1; i < n_coords; j = i++ ) { - var trap_area = ( ( coords[i].x - coords[j].x ) * ( coords[i].y + coords[j].y ) ) / 2; + for ( i = 0; i < n_coords-1; i++ ) { + var trap_area = (coords[i].x*coords[i+1].y - coords[i+1].x*coords[i].y) / 2; float_area += trap_area; //printf( "%.2f (%.2f)\n", float_area, trap_area ); } + float_area += (coords[n_coords-1].x*coords[0].y - coords[0].x*coords[n_coords-1].y) / 2; + return Math.round( Math.abs( float_area ) ); } From 58d35837224e171ef284b9114197ea6c6ff086f4 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 23 Jan 2019 11:18:30 -0500 Subject: [PATCH 03/17] clean up and reduce depth of some logic --- web/index.php | 56 +++++++++++++++++++++++++-------------------------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/web/index.php b/web/index.php index 7d13e9ce1..5190fad65 100644 --- a/web/index.php +++ b/web/index.php @@ -51,7 +51,6 @@ require_once('includes/Event.php'); require_once('includes/Group.php'); require_once('includes/Monitor.php'); - if ( (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') or @@ -118,12 +117,12 @@ $skinBase[] = $skin; $currentCookieParams = session_get_cookie_params(); //Logger::Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)'); session_set_cookie_params( - $currentCookieParams['lifetime'], - $currentCookieParams['path'], - $currentCookieParams['domain'], - $currentCookieParams['secure'], - true -); + $currentCookieParams['lifetime'], + $currentCookieParams['path'], + $currentCookieParams['domain'], + $currentCookieParams['secure'], + true +); ini_set('session.name', 'ZMSESSID'); 
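Review bot: The closing term added after the loop, `coords[n_coords-1].x*coords[0].y - ...`, indexes without a guard, so an empty coords array now makes Polygon_calcArea throw a TypeError on `coords[-1].x` instead of returning 0; a guard such as `if ( n_coords == 0 ) return 0;` before the loop avoids it. The rewritten loop also still assigns `i` without `var`, leaking an implicit global (the old code did the same with `i` and `j`); `for ( var i = 0; i < n_coords-1; i++ ) {` keeps it local. Polygon_calcArea's opening line is only visible as hunk-header context, so the function starts outside the hunk.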
@@ -166,6 +165,7 @@ if ( !is_writable(ZM_DIR_EVENTS) ) { } # Globals +$action = null; $error_message = null; $redirect = null; $view = null; @@ -185,9 +185,9 @@ foreach ( getSkinIncludes('skin.php') as $includeFile ) # User Login will be performed in auth.php require_once('includes/auth.php'); -if ( isset($_REQUEST['action']) ) { +if ( isset($_REQUEST['action']) ) $action = detaintPath($_REQUEST['action']); -} + # The only variable we really need to set is action. The others are informal. isset($view) || $view = NULL; 
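Review bot: Dropping the braces around `$action = detaintPath($_REQUEST['action']);` in the second hunk leaves a one-statement `if` body that a later edit can silently extend past the condition; I would keep `if ( isset($_REQUEST['action']) ) { $action = detaintPath($_REQUEST['action']); }` braced, matching the other conditionals in this file. The new `$action = null;` default in the first hunk is a good change, since the action includes on this page compare `$action` directly without an isset check. Both hunks reappear unchanged in the squashed PATCH 06 at L15–L16.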
@@ -244,27 +244,27 @@ if ( $request ) { require_once $includeFile; } return; -} else { - if ( $includeFiles = getSkinIncludes('views/'.$view.'.php', true, true) ) { - foreach ( $includeFiles as $includeFile ) { - if ( !file_exists($includeFile) ) - Fatal("View '$view' does not exist"); - require_once $includeFile; - } - // If the view overrides $view to 'error', and the user is not logged in, then the - // issue is probably resolvable by logging in, so provide the opportunity to do so. - // The login view should handle redirecting to the correct location afterward. - if ( $view == 'error' && !isset($user) ) { - $view = 'login'; - foreach ( getSkinIncludes('views/login.php', true, true) as $includeFile ) - require_once $includeFile; - } +} + +if ( $includeFiles = getSkinIncludes('views/'.$view.'.php', true, true) ) { + foreach ( $includeFiles as $includeFile ) { + if ( !file_exists($includeFile) ) + Fatal("View '$view' does not exist"); + require_once $includeFile; } - // If the view is missing or the view still returned error with the user logged in, - // then it is not recoverable. - if ( !$includeFiles || $view == 'error' ) { - foreach ( getSkinIncludes('views/error.php', true, true) as $includeFile ) + // If the view overrides $view to 'error', and the user is not logged in, then the + // issue is probably resolvable by logging in, so provide the opportunity to do so. + // The login view should handle redirecting to the correct location afterward. + if ( $view == 'error' && !isset($user) ) { + $view = 'login'; + foreach ( getSkinIncludes('views/login.php', true, true) as $includeFile ) require_once $includeFile; } } +// If the view is missing or the view still returned error with the user logged in, +// then it is not recoverable. +if ( !$includeFiles || $view == 'error' ) { + foreach ( getSkinIncludes('views/error.php', true, true) as $includeFile ) + require_once $includeFile; +} ?> From b9584bb5d28bea6cafb19a47bf94fb3af41e940a Mon Sep 17 00:00:00 2001 
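Review bot: The flattened view loading now splits `if ( $includeFiles = getSkinIncludes('views/'.$view.'.php', true, true) )` and the later `if ( !$includeFiles || $view == 'error' )` into two top-level blocks, so the second block depends on an assignment buried inside the first condition; `$includeFiles = getSkinIncludes('views/'.$view.'.php', true, true);` followed by `if ( $includeFiles ) {` makes that data flow explicit. As far as the hunk shows the refactor is behaviour-preserving, because the `return;` above the old `else` already ends the `$request` branch. The same hunk reappears in PATCH 06 at L17.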
From: Isaac Connor Date: Wed, 23 Jan 2019 11:18:46 -0500 Subject: [PATCH 04/17] Increase width of user popup --- web/skins/classic/js/base.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/skins/classic/js/base.js b/web/skins/classic/js/base.js index b77b350ef..41bec4ed9 100644 --- a/web/skins/classic/js/base.js +++ b/web/skins/classic/js/base.js @@ -64,7 +64,7 @@ var popupSizes = { 'stats': {'width': 840, 'height': 200}, 'storage': {'width': 600, 'height': 405}, 'timeline': {'width': 760, 'height': 540}, - 'user': {'width': 360, 'height': 720}, + 'user': {'width': 460, 'height': 720}, 'version': {'width': 360, 'height': 185}, 'video': {'width': 420, 'height': 360}, 'videoview': {'addWidth': 48, 'addHeight': 80}, From b1cc7bf837aa041336e7ae5ebea2f4c0d546c071 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 23 Jan 2019 11:20:31 -0500 Subject: [PATCH 05/17] fix code style --- web/skins/classic/views/user.php | 53 +++++++++++++++----------------- 1 file changed, 24 insertions(+), 29 deletions(-) diff --git a/web/skins/classic/views/user.php b/web/skins/classic/views/user.php index ee0c7428c..95ed639a5 100644 --- a/web/skins/classic/views/user.php +++ b/web/skins/classic/views/user.php @@ -20,15 +20,14 @@ $selfEdit = ZM_USER_SELF_EDIT && $_REQUEST['uid'] == $user['Id']; -if ( !canEdit( 'System' ) && !$selfEdit ) -{ - $view = "error"; - return; +if ( !canEdit('System') && !$selfEdit ) { + $view = 'error'; + return; } if ( $_REQUEST['uid'] ) { - if ( !($newUser = dbFetchOne( 'SELECT * FROM Users WHERE Id = ?', NULL, ARRAY($_REQUEST['uid'])) ) ) { - $view = "error"; + if ( !($newUser = dbFetchOne('SELECT * FROM Users WHERE Id = ?', NULL, ARRAY($_REQUEST['uid']))) ) { + $view = 'error'; return; } } else { 
@@ -38,29 +37,28 @@ if ( $_REQUEST['uid'] ) { $newUser['MonitorIds'] = ''; } -$monitorIds = array_flip(explode( ',', $newUser['MonitorIds'] )); +$monitorIds = array_flip(explode(',', $newUser['MonitorIds'])); $yesno = array( 0=>translate('No'), 1=>translate('Yes') ); $nv = array( 'None'=>translate('None'), 'View'=>translate('View') ); $nve = array( 'None'=>translate('None'), 'View'=>translate('View'), 'Edit'=>translate('Edit') ); -$bandwidths = array_merge( array( ""=>"" ), $bandwidth_options ); -$langs = array_merge( array( ""=>"" ), getLanguages() ); +$bandwidths = array_merge( array( ''=>'' ), $bandwidth_options ); +$langs = array_merge( array( ''=>'' ), getLanguages() ); -$sql = "select Id,Name from Monitors order by Sequence asc"; +$sql = 'SELECT Id,Name FROM Monitors ORDER BY Sequence ASC'; $monitors = array(); -foreach( dbFetchAll( $sql ) as $monitor ) -{ - $monitors[] = $monitor; +foreach( dbFetchAll($sql) as $monitor ) { + $monitors[] = $monitor; } $focusWindow = true; -xhtmlHeaders(__FILE__, translate('User')." - ".$newUser['Username'] ); +xhtmlHeaders(__FILE__, translate('User').' - '.$newUser['Username']); ?>
@@ -68,11 +66,10 @@ xhtmlHeaders(__FILE__, translate('User')." - ".$newUser['Username'] ); - +
@@ -83,19 +80,18 @@ if ( canEdit( 'System' ) ) ?> - + - + @@ -134,14 +130,12 @@ if ( canEdit( 'System' ) )
@@ -153,7 +147,8 @@ if ( canEdit( 'System' ) )
- + +
From 6eb4d7ae27553771b5b4ae3faa4684f2f3d3f9c0 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 23 Jan 2019 11:30:51 -0500 Subject: [PATCH 06/17] Filter improvements (#2438) * Put back code to close the popup when view is none * clean up and reduce depth of some logic * Increase width of user popup * fix code style * Make execute_filter work on a filter Id instead of name * rework logic to reduce code depth. Change view to events to display the results of execute. * Change the redirect to stay on the new view. When redirecting from executing a filter, it was redirecting to filter. * Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing --- web/includes/actions/filter.php | 109 ++++++++++++++------------- web/includes/functions.php | 10 +-- web/index.php | 56 +++++++------- web/skins/classic/js/base.js | 2 +- web/skins/classic/views/events.php | 4 +- web/skins/classic/views/filter.php | 12 +-- web/skins/classic/views/js/filter.js | 24 +++--- web/skins/classic/views/none.php | 6 ++ web/skins/classic/views/user.php | 53 ++++++------- 9 files changed, 141 insertions(+), 135 deletions(-) diff --git a/web/includes/actions/filter.php b/web/includes/actions/filter.php index 4067bdf9c..782d93885 100644 --- a/web/includes/actions/filter.php +++ b/web/includes/actions/filter.php 
@@ -19,63 +19,64 @@ // // Event scope actions, view permissions only required -if ( canView('Events') ) { +if ( !canView('Events') ) { + Warning('You do not have permission to view Events.'); + return; +} - if ( isset($_REQUEST['object']) and ( $_REQUEST['object'] == 'filter' ) ) { - if ( $action == 'addterm' ) { - $_REQUEST['filter'] = addFilterTerm($_REQUEST['filter'], $_REQUEST['line']); - } elseif ( $action == 'delterm' ) { - $_REQUEST['filter'] = delFilterTerm($_REQUEST['filter'], $_REQUEST['line']); - } else if ( canEdit('Events') ) { - if ( $action == 'delete' ) { - if ( ! empty($_REQUEST['Id']) ) { - dbQuery('DELETE FROM Filters WHERE Id=?', array($_REQUEST['Id'])); - } - } else if ( ( $action == 'Save' ) or ( $action == 'SaveAs' ) or ( $action == 'execute' ) ) { - # or ( $action == 'submit' ) ) { +if ( isset($_REQUEST['object']) and ( $_REQUEST['object'] == 'filter' ) ) { + if ( $action == 'addterm' ) { + $_REQUEST['filter'] = addFilterTerm($_REQUEST['filter'], $_REQUEST['line']); + } elseif ( $action == 'delterm' ) { + $_REQUEST['filter'] = delFilterTerm($_REQUEST['filter'], $_REQUEST['line']); + } else if ( canEdit('Events') ) { + if ( $action == 'delete' ) { + if ( !empty($_REQUEST['Id']) ) { + dbQuery('DELETE FROM Filters WHERE Id=?', array($_REQUEST['Id'])); + } + } else if ( ( $action == 'Save' ) or ( $action == 'SaveAs' ) or ( $action == 'execute' ) ) { - $sql = ''; - $_REQUEST['filter']['Query']['sort_field'] = validStr($_REQUEST['filter']['Query']['sort_field']); - $_REQUEST['filter']['Query']['sort_asc'] = validStr($_REQUEST['filter']['Query']['sort_asc']); - $_REQUEST['filter']['Query']['limit'] = validInt($_REQUEST['filter']['Query']['limit']); - if ( $action == 'execute' ) { - $tempFilterName = '_TempFilter'.time(); - $sql .= ' Name = \''.$tempFilterName.'\''; - } else { - $sql .= ' Name = '.dbEscape($_REQUEST['filter']['Name']); - } - $sql .= ', Query = '.dbEscape(jsonEncode($_REQUEST['filter']['Query'])); - $sql .= ', AutoArchive = 
'.(!empty($_REQUEST['filter']['AutoArchive']) ? 1 : 0); - $sql .= ', AutoVideo = '. ( !empty($_REQUEST['filter']['AutoVideo']) ? 1 : 0); - $sql .= ', AutoUpload = '. ( !empty($_REQUEST['filter']['AutoUpload']) ? 1 : 0); - $sql .= ', AutoEmail = '. ( !empty($_REQUEST['filter']['AutoEmail']) ? 1 : 0); - $sql .= ', AutoMessage = '. ( !empty($_REQUEST['filter']['AutoMessage']) ? 1 : 0); - $sql .= ', AutoExecute = '. ( !empty($_REQUEST['filter']['AutoExecute']) ? 1 : 0); - $sql .= ', AutoExecuteCmd = '.dbEscape($_REQUEST['filter']['AutoExecuteCmd']); - $sql .= ', AutoDelete = '. ( !empty($_REQUEST['filter']['AutoDelete']) ? 1 : 0); - if ( !empty($_REQUEST['filter']['AutoMove']) ? 1 : 0) { - $sql .= ', AutoMove = 1, AutoMoveTo='. validInt($_REQUEST['filter']['AutoMoveTo']); - } else { - $sql .= ', AutoMove = 0'; - } - $sql .= ', UpdateDiskSpace = '. ( !empty($_REQUEST['filter']['UpdateDiskSpace']) ? 1 : 0); - $sql .= ', Background = '. ( !empty($_REQUEST['filter']['Background']) ? 1 : 0); - $sql .= ', Concurrent = '. ( !empty($_REQUEST['filter']['Concurrent']) ? 1 : 0); + $sql = ''; + $_REQUEST['filter']['Query']['sort_field'] = validStr($_REQUEST['filter']['Query']['sort_field']); + $_REQUEST['filter']['Query']['sort_asc'] = validStr($_REQUEST['filter']['Query']['sort_asc']); + $_REQUEST['filter']['Query']['limit'] = validInt($_REQUEST['filter']['Query']['limit']); + if ( $action == 'execute' ) { + $tempFilterName = '_TempFilter'.time(); + $sql .= ' Name = \''.$tempFilterName.'\''; + } else { + $sql .= ' Name = '.dbEscape($_REQUEST['filter']['Name']); + } + $sql .= ', Query = '.dbEscape(jsonEncode($_REQUEST['filter']['Query'])); + $sql .= ', AutoArchive = '.(!empty($_REQUEST['filter']['AutoArchive']) ? 1 : 0); + $sql .= ', AutoVideo = '. ( !empty($_REQUEST['filter']['AutoVideo']) ? 1 : 0); + $sql .= ', AutoUpload = '. ( !empty($_REQUEST['filter']['AutoUpload']) ? 1 : 0); + $sql .= ', AutoEmail = '. ( !empty($_REQUEST['filter']['AutoEmail']) ? 
1 : 0); + $sql .= ', AutoMessage = '. ( !empty($_REQUEST['filter']['AutoMessage']) ? 1 : 0); + $sql .= ', AutoExecute = '. ( !empty($_REQUEST['filter']['AutoExecute']) ? 1 : 0); + $sql .= ', AutoExecuteCmd = '.dbEscape($_REQUEST['filter']['AutoExecuteCmd']); + $sql .= ', AutoDelete = '. ( !empty($_REQUEST['filter']['AutoDelete']) ? 1 : 0); + if ( !empty($_REQUEST['filter']['AutoMove']) ? 1 : 0) { + $sql .= ', AutoMove = 1, AutoMoveTo='. validInt($_REQUEST['filter']['AutoMoveTo']); + } else { + $sql .= ', AutoMove = 0'; + } + $sql .= ', UpdateDiskSpace = '. ( !empty($_REQUEST['filter']['UpdateDiskSpace']) ? 1 : 0); + $sql .= ', Background = '. ( !empty($_REQUEST['filter']['Background']) ? 1 : 0); + $sql .= ', Concurrent = '. ( !empty($_REQUEST['filter']['Concurrent']) ? 1 : 0); - if ( $_REQUEST['Id'] and ( $action == 'Save' ) ) { - dbQuery('UPDATE Filters SET ' . $sql. ' WHERE Id=?', array($_REQUEST['Id'])); - } else { - dbQuery('INSERT INTO Filters SET' . $sql); - $_REQUEST['Id'] = dbInsertId(); - } - if ( $action == 'execute' ) { - executeFilter( $tempFilterName ); - } + if ( $_REQUEST['Id'] and ( $action == 'Save' ) ) { + dbQuery('UPDATE Filters SET '.$sql.' WHERE Id=?', array($_REQUEST['Id'])); + } else { + dbQuery('INSERT INTO Filters SET'.$sql); + $_REQUEST['Id'] = dbInsertId(); + } + if ( $action == 'execute' ) { + executeFilter($_REQUEST['Id']); + $view = 'events'; + } - } // end if save or execute - } // end if canEdit(Events) - return; - } // end if object == filter -} // end canView(Events) + } // end if save or execute + } // end if canEdit(Events) +} // end if object == filter ?> diff --git a/web/includes/functions.php b/web/includes/functions.php index 154a26046..77cd1ca47 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php 
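Review bot: `if ( !empty($_REQUEST['filter']['AutoMove']) ? 1 : 0) {` carries a redundant ternary into the re-indented code; `if ( !empty($_REQUEST['filter']['AutoMove']) ) {` reads the same and matches how the neighbouring `AutoArchive`/`AutoVideo` flags are tested. The early `return` after `Warning('You do not have permission to view Events.')` is a clearer guard than the old wrapping `if`, and the execute branch now hands the freshly inserted `$_REQUEST['Id']` to `executeFilter`, which agrees with the new signature in functions.php. The old `return;` that closed the `object == filter` branch is gone; since the hunk ends at `?>` this looks harmless, but confirm nothing else follows it in the file.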
@@ -958,11 +958,11 @@ Logger::Debug("generating Video $command: result($result outptu:(".implode("\n", return( $status?"":rtrim($result) ); } -function executeFilter( $filter ) { - $command = ZM_PATH_BIN."/zmfilter.pl --filter ".escapeshellarg($filter); - $result = exec( $command, $output, $status ); - dbQuery( "delete from Filters where Name like '_TempFilter%'" ); - return( $status ); +function executeFilter( $filter_id ) { + $command = ZM_PATH_BIN.'/zmfilter.pl --filter_id '.escapeshellarg($filter_id); + $result = exec($command, $output, $status); + dbQuery('DELETE FROM Filters WHERE Id=?', array($filter_id)); + return $status; } # This takes more than one scale amount, so it runs through each and alters dimension. diff --git a/web/index.php b/web/index.php index 7d13e9ce1..5190fad65 100644 --- a/web/index.php +++ b/web/index.php @@ -51,7 +51,6 @@ require_once('includes/Event.php'); require_once('includes/Group.php'); require_once('includes/Monitor.php'); - if ( (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') or @@ -118,12 +117,12 @@ $skinBase[] = $skin; $currentCookieParams = session_get_cookie_params(); //Logger::Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)'); session_set_cookie_params( - $currentCookieParams['lifetime'], - $currentCookieParams['path'], - $currentCookieParams['domain'], - $currentCookieParams['secure'], - true -); + $currentCookieParams['lifetime'], + $currentCookieParams['path'], + $currentCookieParams['domain'], + $currentCookieParams['secure'], + true +); ini_set('session.name', 'ZMSESSID'); @@ -166,6 +165,7 @@ if ( !is_writable(ZM_DIR_EVENTS) ) { } # Globals +$action = null; $error_message = null; $redirect = null; $view = null; 
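Review bot: `executeFilter` now runs `dbQuery('DELETE FROM Filters WHERE Id=?', array($filter_id))` unconditionally, so any caller that passes the Id of a saved filter will have that filter deleted after execution, whereas the old `LIKE '_TempFilter%'` delete only ever removed temporaries. If the only caller is the execute action in filter.php, which always inserts a temp row first, this is fine today, but a comment such as `// Deletes the filter row afterwards: callers must pass a temporary filter Id` (or moving the delete to the caller) would keep the next caller from losing data. `$result` is assigned and never used, and a non-zero `$status` is returned without logging `$output`, which makes failed zmfilter.pl runs hard to diagnose.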
@@ -185,9 +185,9 @@ foreach ( getSkinIncludes('skin.php') as $includeFile ) # User Login will be performed in auth.php require_once('includes/auth.php'); -if ( isset($_REQUEST['action']) ) { +if ( isset($_REQUEST['action']) ) $action = detaintPath($_REQUEST['action']); -} + # The only variable we really need to set is action. The others are informal. isset($view) || $view = NULL; 
@@ -244,27 +244,27 @@ if ( $request ) { require_once $includeFile; } return; -} else { - if ( $includeFiles = getSkinIncludes('views/'.$view.'.php', true, true) ) { - foreach ( $includeFiles as $includeFile ) { - if ( !file_exists($includeFile) ) - Fatal("View '$view' does not exist"); - require_once $includeFile; - } - // If the view overrides $view to 'error', and the user is not logged in, then the - // issue is probably resolvable by logging in, so provide the opportunity to do so. - // The login view should handle redirecting to the correct location afterward. - if ( $view == 'error' && !isset($user) ) { - $view = 'login'; - foreach ( getSkinIncludes('views/login.php', true, true) as $includeFile ) - require_once $includeFile; - } +} + +if ( $includeFiles = getSkinIncludes('views/'.$view.'.php', true, true) ) { + foreach ( $includeFiles as $includeFile ) { + if ( !file_exists($includeFile) ) + Fatal("View '$view' does not exist"); + require_once $includeFile; } - // If the view is missing or the view still returned error with the user logged in, - // then it is not recoverable. - if ( !$includeFiles || $view == 'error' ) { - foreach ( getSkinIncludes('views/error.php', true, true) as $includeFile ) + // If the view overrides $view to 'error', and the user is not logged in, then the + // issue is probably resolvable by logging in, so provide the opportunity to do so. + // The login view should handle redirecting to the correct location afterward. + if ( $view == 'error' && !isset($user) ) { + $view = 'login'; + foreach ( getSkinIncludes('views/login.php', true, true) as $includeFile ) require_once $includeFile; } } +// If the view is missing or the view still returned error with the user logged in, +// then it is not recoverable. +if ( !$includeFiles || $view == 'error' ) { + foreach ( getSkinIncludes('views/error.php', true, true) as $includeFile ) + require_once $includeFile; +} ?> 
diff --git a/web/skins/classic/js/base.js b/web/skins/classic/js/base.js index b77b350ef..41bec4ed9 100644 --- a/web/skins/classic/js/base.js +++ b/web/skins/classic/js/base.js @@ -64,7 +64,7 @@ var popupSizes = { 'stats': {'width': 840, 'height': 200}, 'storage': {'width': 600, 'height': 405}, 'timeline': {'width': 760, 'height': 540}, - 'user': {'width': 360, 'height': 720}, + 'user': {'width': 460, 'height': 720}, 'version': {'width': 360, 'height': 185}, 'video': {'width': 420, 'height': 360}, 'videoview': {'addWidth': 48, 'addHeight': 80}, diff --git a/web/skins/classic/views/events.php b/web/skins/classic/views/events.php index 1ae446b9e..885924e64 100644 --- a/web/skins/classic/views/events.php +++ b/web/skins/classic/views/events.php @@ -79,7 +79,9 @@ $pagination = getPagination($pages, $page, $maxShortcuts, $filterQuery.$sortQuer $focusWindow = true; if ( $_POST ) { - header('Location: ' . $_SERVER['REQUEST_URI'].htmlspecialchars_decode($filterQuery).htmlspecialchars_decode($sortQuery).$limitQuery.'&page='.$page); + // I think this is basically so that a refresh doesn't repost + Logger::Debug("Redirecting to " . $_SERVER['REQUEST_URI']); + header('Location: ?view=' . $view.htmlspecialchars_decode($filterQuery).htmlspecialchars_decode($sortQuery).$limitQuery.'&page='.$page); exit(); } diff --git a/web/skins/classic/views/filter.php b/web/skins/classic/views/filter.php index bbce2973d..403a9b440 100644 --- a/web/skins/classic/views/filter.php +++ b/web/skins/classic/views/filter.php @@ -50,7 +50,7 @@ if ( isset($_REQUEST['sort_field']) && isset($_REQUEST['filter']) ) { } if ( isset($_REQUEST['filter']) ) { - $filter->set( $_REQUEST['filter'] ); + $filter->set($_REQUEST['filter']); # Update our filter object with whatever changes we have made before saving } 
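Review bot: The new `Logger::Debug("Redirecting to " . $_SERVER['REQUEST_URI'])` in events.php logs the URL that was requested, not the `Location` that is sent on the next line, so the log line misleads anyone tracing the redirect. Build the target once and log that: `$redirect = '?view='.$view.htmlspecialchars_decode($filterQuery).htmlspecialchars_decode($sortQuery).$limitQuery.'&page='.$page;` then `Logger::Debug('Redirecting to '.$redirect);` and `header('Location: '.$redirect);`. `$view` is now interpolated into the header as-is; presumably index.php constrains it before this view runs, but that is worth confirming since the old code did not echo it.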
@@ -58,7 +58,7 @@ $conjunctionTypes = getFilterQueryConjunctionTypes(); $obracketTypes = array(); $cbracketTypes = array(); -if (count($filter->terms()) > 0) { +if ( count($filter->terms()) > 0 ) { $terms = $filter->terms(); } else { $terms[] = array(); @@ -177,9 +177,9 @@ if ( (null !== $filter->Concurrent()) and $filter->Concurrent() ) ?>
-
+ - +
@@ -393,7 +393,7 @@ if ( ZM_OPT_MESSAGE ) {

AutoMove() ) { ?> checked="checked" onclick="updateButtons(this);if(this.checked){$j(this.form.elements['filter[AutoMoveTo]']).css('display','inline');}else{this.form.elements['filter[AutoMoveTo]'].hide();};"/> - AutoMoveTo(), $filter->AutoMove() ? null : array('style'=>'display:none;' ) ); ?> + AutoMoveTo(), $filter->AutoMove() ? null : array('style'=>'display:none;' )); ?>

@@ -407,7 +407,7 @@ if ( ZM_OPT_MESSAGE ) {


- + diff --git a/web/skins/classic/views/js/filter.js b/web/skins/classic/views/js/filter.js index 2a211681d..f6f5b43e8 100644 --- a/web/skins/classic/views/js/filter.js +++ b/web/skins/classic/views/js/filter.js @@ -7,20 +7,21 @@ function validateForm( form ) { obrCount += parseInt(form.elements['filter[Query][terms][' + i + '][obr]'].value); cbrCount += parseInt(form.elements['filter[Query][terms][' + i + '][cbr]'].value); } - if (form.elements['filter[Query][terms][' + i + '][val]'].value == '') { - alert( errorValue ); + if ( form.elements['filter[Query][terms][' + i + '][val]'].value == '' ) { + alert(errorValue); return false; } } - if (obrCount - cbrCount != 0) { - alert( errorBrackets ); + if ( (obrCount - cbrCount) != 0 ) { + alert(errorBrackets); return false; } var numbers_reg = /\D/; - if ( numbers_reg.test( form.elements['filter[Query][limit]'].value ) ) { - alert( "There appear to be non-numeric characters in your limit. Limit must be a positive integer value or empty." ); + if ( numbers_reg.test(form.elements['filter[Query][limit]'].value) ) { + alert("There appear to be non-numeric characters in your limit. Limit must be a positive integer value or empty."); return false; } + console.log("Success validating"); return true; } @@ -82,9 +83,10 @@ function submitToEvents( element ) { function executeFilter( element ) { var form = element.form; - form.action = thisUrl + '?view=events'; + form.action = thisUrl + '?view=filter'; form.elements['action'].value = 'execute'; - history.replaceState(null, null, '?view=filter&' + $j(form).serialize()); + form.submit(); + //history.replaceState(null, null, '?view=filter&' + $j(form).serialize()); } function saveFilter( element ) { 
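Review bot: The added `console.log("Success validating");` in validateForm is debug output that will be emitted on every successful submit in production; remove it before merging, or gate it behind a debug flag if the project has one. The rest of this hunk is whitespace and quoting only.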
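Review bot: In executeFilter the new `form.submit();` bypasses any `onsubmit` handler, because the DOM's programmatic submit() does not fire the submit event, so if validateForm is wired to the form's onsubmit it will not run on the execute path; add `if ( !validateForm(form) ) return;` before `form.submit();`, assuming that is how validation is attached, which the hunk does not show. The commented-out `//history.replaceState(...)` line should be deleted rather than left in the code.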
@@ -228,12 +230,12 @@ function stringFilter(term) { function addTerm( element ) { var row = $j(element).closest('tr'); - row.find('select').chosen("destroy"); + row.find('select').chosen('destroy'); var newRow = row.clone().insertAfter(row); - row.find('select').chosen({width: "101%"}); + row.find('select').chosen({width: '101%'}); newRow.find('select').each( function() { //reset new row to default this[0].selected = 'selected'; - }).chosen({width: "101%"}); + }).chosen({width: '101%'}); newRow.find('input[type="text"]').val(''); var rows = $j(row).parent().children(); parseRows(rows); diff --git a/web/skins/classic/views/none.php b/web/skins/classic/views/none.php index e52105331..da04ed19b 100644 --- a/web/skins/classic/views/none.php +++ b/web/skins/classic/views/none.php @@ -32,6 +32,12 @@ require_once($skinJsPhpFile); ?> + diff --git a/web/skins/classic/views/user.php b/web/skins/classic/views/user.php index ee0c7428c..95ed639a5 100644 --- a/web/skins/classic/views/user.php +++ b/web/skins/classic/views/user.php @@ -20,15 +20,14 @@ $selfEdit = ZM_USER_SELF_EDIT && $_REQUEST['uid'] == $user['Id']; -if ( !canEdit( 'System' ) && !$selfEdit ) -{ - $view = "error"; - return; +if ( !canEdit('System') && !$selfEdit ) { + $view = 'error'; + return; } if ( $_REQUEST['uid'] ) { - if ( !($newUser = dbFetchOne( 'SELECT * FROM Users WHERE Id = ?', NULL, ARRAY($_REQUEST['uid'])) ) ) { - $view = "error"; + if ( !($newUser = dbFetchOne('SELECT * FROM Users WHERE Id = ?', NULL, ARRAY($_REQUEST['uid']))) ) { + $view = 'error'; return; } } else { 
@@ -38,29 +37,28 @@ if ( $_REQUEST['uid'] ) { $newUser['MonitorIds'] = ''; } -$monitorIds = array_flip(explode( ',', $newUser['MonitorIds'] )); +$monitorIds = array_flip(explode(',', $newUser['MonitorIds'])); $yesno = array( 0=>translate('No'), 1=>translate('Yes') ); $nv = array( 'None'=>translate('None'), 'View'=>translate('View') ); $nve = array( 'None'=>translate('None'), 'View'=>translate('View'), 'Edit'=>translate('Edit') ); -$bandwidths = array_merge( array( ""=>"" ), $bandwidth_options ); -$langs = array_merge( array( ""=>"" ), getLanguages() ); +$bandwidths = array_merge( array( ''=>'' ), $bandwidth_options ); +$langs = array_merge( array( ''=>'' ), getLanguages() ); -$sql = "select Id,Name from Monitors order by Sequence asc"; +$sql = 'SELECT Id,Name FROM Monitors ORDER BY Sequence ASC'; $monitors = array(); -foreach( dbFetchAll( $sql ) as $monitor ) -{ - $monitors[] = $monitor; +foreach( dbFetchAll($sql) as $monitor ) { + $monitors[] = $monitor; } $focusWindow = true; -xhtmlHeaders(__FILE__, translate('User')." - ".$newUser['Username'] ); +xhtmlHeaders(__FILE__, translate('User').' - '.$newUser['Username']); ?>
@@ -68,11 +66,10 @@ xhtmlHeaders(__FILE__, translate('User')." - ".$newUser['Username'] ); - +
@@ -83,19 +80,18 @@ if ( canEdit( 'System' ) ) ?> - + - + @@ -134,14 +130,12 @@ if ( canEdit( 'System' ) )
@@ -153,7 +147,8 @@ if ( canEdit( 'System' ) )
- + +
From e53678f86982c5fce88c9f6a704847db419108c0 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 23 Jan 2019 12:22:00 -0500 Subject: [PATCH 07/17] Can't use a normal subsitution on the Order by field. So parse the sort param instead --- web/ajax/status.php | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/web/ajax/status.php b/web/ajax/status.php index 5d8b90aa6..7692b2e67 100644 --- a/web/ajax/status.php +++ b/web/ajax/status.php @@ -270,14 +270,32 @@ function collectData() { } $index++; } - $sql .= ' where '.join( ' and ', $where ); + $sql .= ' WHERE '.join( ' AND ', $where ); } if ( $groupSql ) $sql .= ' GROUP BY '.join( ',', array_unique( $groupSql ) ); if ( !empty($_REQUEST['sort']) ) { - $sql .= ' order by :sort'; - $values[':sort'] = $_REQUEST['sort']; - } + $sql .= ' ORDER BY '; + $sort_fields = explode(',',$_REQUEST['sort']); + foreach ( $sort_fields as $sort_field ) { + + preg_match('/^(\w+)\s*(ASC|DESC)?( NULLS FIRST)?$/i', $sort_field, $matches); + if ( count($matches) ) { + if ( in_array($matches[1], $fieldSql) ) { + $sql .= $matches[1]; + } else { + Error('Sort field ' . $matches[1] . ' not in SQL Fields'); + } + if ( count($matches) > 2 ) { + $sql .= ' '.strtoupper($matches[2]); + if ( count($matches) > 3 ) + $sql .= ' '.strtoupper($matches[3]); + } + } else { + Error("Sort field didn't match regexp $sort_field"); + } + } # end foreach sort field + } # end if has sort if ( !empty($entitySpec['limit']) ) $limit = $entitySpec['limit']; elseif ( !empty($_REQUEST['count']) ) From 59cc65411f02c7e39a270fda3ecb4966d7b48d41 Mon Sep 17 00:00:00 2001 From: Matthew Noorenberghe Date: Wed, 23 Jan 2019 19:40:38 -0800 Subject: [PATCH 08/17] plugin.php: Fix XSS and directory traversal bugs. Fixes #2436 This view seems like dead code so maybe it should be removed instead. --- web/skins/classic/views/plugin.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
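Review bot: The new ORDER BY assembly appends successive sort fields with no `, ` separator and keeps appending after a field is rejected, so `sort=Id,Name` produces `ORDER BY Id Name` and a field not in `$fieldSql` still leaves `' ORDER BY '` followed by only the direction, both SQL syntax errors (unless `Error()` aborts the request, which the hunk does not show). The anchored `^(\w+)` match is what keeps request text out of the query, so the fix is only about assembly: collect validated terms in an array, skip rejected ones, and join them; a `trim()` on each piece also lets `sort=Id, Name` pass the regex. collectData continues outside the hunk.
```php
    if ( !empty($_REQUEST['sort']) ) {
      $order_terms = array();
      foreach ( explode(',', $_REQUEST['sort']) as $sort_field ) {
        if ( !preg_match('/^(\w+)\s*(ASC|DESC)?( NULLS FIRST)?$/i', trim($sort_field), $matches) ) {
          Error("Sort field didn't match regexp $sort_field");
          continue;
        }
        if ( !in_array($matches[1], $fieldSql) ) {
          Error('Sort field ' . $matches[1] . ' not in SQL Fields');
          continue;
        }
        $term = $matches[1];
        if ( count($matches) > 2 )
          $term .= ' '.strtoupper($matches[2]);
        if ( count($matches) > 3 )
          $term .= ' '.strtoupper($matches[3]);
        $order_terms[] = $term;
      } # end foreach sort field
      if ( count($order_terms) )
        $sql .= ' ORDER BY '.join(', ', $order_terms);
    } # end if has sort
    // … unchanged: limit handling …
```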
diff --git a/web/skins/classic/views/plugin.php b/web/skins/classic/views/plugin.php index 7b4cf85ca..814416058 100644 --- a/web/skins/classic/views/plugin.php +++ b/web/skins/classic/views/plugin.php @@ -36,7 +36,8 @@ if ( $zid > 0 ) { return; } $monitor = dbFetchMonitor ( $mid ); -$plugin = $_REQUEST['pl']; +// Only allow certain filename characters (not including a period) to prevent directory traversal. +$plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']); $plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin; @@ -103,7 +104,7 @@ function pLang($name)
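Review bot: After `preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl'])` the name can be empty (all characters stripped, or `pl` absent, which also raises a notice), and an empty `$plugin` makes `$plugin_path` the plugins directory itself rather than a plugin; add `if ( $plugin === '' ) { $view = 'error'; return; }` after the assignment, the pattern the other views on this page use. Checking `is_dir($plugin_path)` before it is used would make the allowlisting explicit instead of relying on the character filter alone. The class also drops `_`, so a plugin whose directory name contains an underscore would silently resolve to a different path; confirm that against the shipped plugin names.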
@@ -111,7 +112,7 @@ function pLang($name) - +
From 47d8c9b066daeaded6f3f658555409e01bfc1ff7 Mon Sep 17 00:00:00 2001 From: Matthew Noorenberghe Date: Wed, 23 Jan 2019 19:45:57 -0800 Subject: [PATCH 09/17] plugin.php: Remove undefined onclick function reference and enforce CSP Also fix tag closing. --- web/includes/functions.php | 1 + web/skins/classic/views/plugin.php | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 77cd1ca47..c5c17e17d 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -55,6 +55,7 @@ function CSPHeaders($view, $nonce) { case 'log': case 'logout': case 'options': + case 'plugin': case 'privacy': case 'storage': case 'version': { diff --git a/web/skins/classic/views/plugin.php b/web/skins/classic/views/plugin.php index 814416058..4f3b4ccf2 100644 --- a/web/skins/classic/views/plugin.php +++ b/web/skins/classic/views/plugin.php @@ -144,8 +144,9 @@ foreach($pluginOptions as $name => $popt) - + + $popt) ?>
- disabled="disabled"/> + disabled="disabled"/>
From a3e8fd4fd5b579865f35aac3b964bc78d5b7a94a Mon Sep 17 00:00:00 2001 From: Matthew Noorenberghe Date: Thu, 24 Jan 2019 23:40:08 -0800 Subject: [PATCH 10/17] Fix zones.php self-xss. Fixes #2444 --- web/skins/classic/views/zones.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/web/skins/classic/views/zones.php b/web/skins/classic/views/zones.php index 5446676b4..c66ffd000 100644 --- a/web/skins/classic/views/zones.php +++ b/web/skins/classic/views/zones.php @@ -74,8 +74,8 @@ xhtmlHeaders(__FILE__, translate('Zones') ); foreach( $zones as $zone ) { ?> - Width(), $monitor->Height()), $zone['Name'], true, 'onclick="streamCmdQuit( true ); return( false );"'); ?> - + Width(), $monitor->Height()), validHtmlStr($zone['Name']), true, 'onclick="streamCmdQuit( true ); return( false );"'); ?> +  / Width()*$monitor->Height()) ) ?> disabled="disabled"/> From a81e7c522190928e2a960363aed3a709a73316b6 Mon Sep 17 00:00:00 2001 From: Steve Gilvarry Date: Sat, 26 Jan 2019 00:33:31 +1100 Subject: [PATCH 11/17] Safer_username and safer_login should be based on the username and login (#2482) (lengths * 2)+1. Control input lengths at user input --- src/zm_user.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index ab0aa2953..0971a5a27 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp 
@@ -89,13 +89,13 @@ bool User::canAccess( int monitor_id ) { // Please note that in auth relay mode = none, password is NULL User *zmLoadUser( const char *username, const char *password ) { char sql[ZM_SQL_MED_BUFSIZ] = ""; - char safer_username[65]; // current db username size is 32 + char *safer_username = new char[(strlen(username) * 2) + 1]; // According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator. mysql_real_escape_string(&dbconn, safer_username, username, strlen( username ) ); if ( password ) { - char safer_password[129]; // current db password size is 64 + char *safer_password = new char[(strlen(password) * 2) +1]; mysql_real_escape_string(&dbconn, safer_password, password, strlen( password ) ); snprintf(sql, sizeof(sql), "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" From fd6179d7c83eb04b7d4ed30a59f4da0961f26759 Mon Sep 17 00:00:00 2001 From: Matt N Date: Fri, 25 Jan 2019 05:34:29 -0800 Subject: [PATCH 12/17] Enforce CSP on many more views (#2480) --- web/includes/functions.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/web/includes/functions.php b/web/includes/functions.php index c5c17e17d..05761ddeb 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -51,12 +51,20 @@ function CSPHeaders($view, $nonce) { case 'blank': case 'console': case 'controlcap': + case 'cycle': + case 'donate': + case 'error': case 'function': case 'log': case 'logout': + case 'optionhelp': case 'options': case 'plugin': + case 'postlogin': case 'privacy': + case 'server': + case 'state': + case 'status': case 'storage': case 'version': { // Enforce script-src on pages where inline scripts and event handlers have been fixed. From 8c5687ca308e441742725e0aff9075779fa1a498 Mon Sep 17 00:00:00 2001 
From: Matt N Date: Fri, 25 Jan 2019 05:35:07 -0800 Subject: [PATCH 13/17] Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479) --- web/includes/functions.php | 3 +++ web/skins/classic/views/controlcaps.php | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 05761ddeb..a9cf815b4 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -450,6 +450,9 @@ function makeLink( $url, $label, $condition=1, $options='' ) { return( $string ); } +/** + * $label must be already escaped. It can't be done here since it sometimes contains HTML tags. + */ function makePopupLink( $url, $winName, $winSize, $label, $condition=1, $options='' ) { // Avoid double-encoding since some consumers incorrectly pass a pre-escaped URL. $string = ' - + - + From 6d7660cdbd4b3c43315834640ae06cfc17b0ee0e Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 25 Jan 2019 08:46:40 -0500 Subject: [PATCH 14/17] Now that we are dynamically allocating safer_username and safer_password, need to free them. Also, don't strlen them multiple times for efficiency --- src/zm_user.cpp | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/zm_user.cpp b/src/zm_user.cpp index 0971a5a27..6dbfb56fa 100644 --- a/src/zm_user.cpp +++ b/src/zm_user.cpp 
@@ -89,18 +89,21 @@ bool User::canAccess( int monitor_id ) { // Please note that in auth relay mode = none, password is NULL User *zmLoadUser( const char *username, const char *password ) { char sql[ZM_SQL_MED_BUFSIZ] = ""; - char *safer_username = new char[(strlen(username) * 2) + 1]; + int username_length = strlen(username); + char *safer_username = new char[(username_length * 2) + 1]; // According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator. - mysql_real_escape_string(&dbconn, safer_username, username, strlen( username ) ); + mysql_real_escape_string(&dbconn, safer_username, username, username_length ); if ( password ) { - char *safer_password = new char[(strlen(password) * 2) +1]; - mysql_real_escape_string(&dbconn, safer_password, password, strlen( password ) ); + int password_length = strlen(password); + char *safer_password = new char[(password_length * 2) + 1]; + mysql_real_escape_string(&dbconn, safer_password, password, password_length); snprintf(sql, sizeof(sql), "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" " FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1", safer_username, safer_password ); + delete safer_password; } else { snprintf(sql, sizeof(sql), "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" @@ -131,6 +134,7 @@ User *zmLoadUser( const char *username, const char *password ) { Info("Authenticated user '%s'", user->getUsername()); mysql_free_result(result); + delete safer_username; return user; } From 7ea8be3fa8194acb7f181ff763d65f70f112ca4c Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Fri, 25 Jan 2019 09:22:08 -0500 Subject: [PATCH 15/17] spacing, remove non html5 elements --- web/skins/classic/views/watch.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
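Review bot: `delete safer_password;` and `delete safer_username;` release buffers obtained with `new char[...]`, so they need the array form, `delete[] safer_password;` and `delete[] safer_username;`; pairing scalar delete with array new is undefined behaviour rather than a leak fix. safer_username is also only released on the authenticated path before `return user;`, and the other exits of zmLoadUser (query failure, no matching row) lie outside the hunk and, as far as is visible here, still leak it. Since both buffers exist only to build `sql`, a `std::vector<char>` of size `2*len+1` (or a `std::string` resized the same way) would be freed on every path without the manual bookkeeping. `int username_length = strlen(username);` narrows size_t to int; `size_t` matches the unsigned length argument that mysql_real_escape_string takes. zmLoadUser's body continues past the hunk, and the first hunk's tail appears truncated in this rendering, so the untouched exit paths could not be checked.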
diff --git a/web/skins/classic/views/watch.php b/web/skins/classic/views/watch.php index 786867eec..6aae4808d 100644 --- a/web/skins/classic/views/watch.php +++ b/web/skins/classic/views/watch.php @@ -145,10 +145,10 @@ if ( $showPtzControls ) {
Type() != 'WebSite' ) { +if ( canView('Events') && ($monitor->Type() != 'WebSite') ) { ?>
- +
From 2e2404643f9f3c54c381ec5fa6d14576d53e8a71 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 30 Jan 2019 13:20:24 -0500 Subject: [PATCH 16/17] Fix bandwidth due to new actions code. Update buttons on bandwidth popup --- web/includes/actions/bandwidth.php | 2 ++ web/skins/classic/views/bandwidth.php | 30 +++++++++++++-------------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/web/includes/actions/bandwidth.php b/web/includes/actions/bandwidth.php index 8a9056cd2..c5fafa1c9 100644 --- a/web/includes/actions/bandwidth.php +++ b/web/includes/actions/bandwidth.php @@ -23,5 +23,7 @@ if ( $action == 'bandwidth' && isset($_REQUEST['newBandwidth']) ) { $_COOKIE['zmBandwidth'] = validStr($_REQUEST['newBandwidth']); setcookie('zmBandwidth', validStr($_REQUEST['newBandwidth']), time()+3600*24*30*12*10); $refreshParent = true; + $view = 'none'; + $closePopup = true; } ?> diff --git a/web/skins/classic/views/bandwidth.php b/web/skins/classic/views/bandwidth.php index ca8d1c6ce..2d4fbc5bf 100644 --- a/web/skins/classic/views/bandwidth.php +++ b/web/skins/classic/views/bandwidth.php @@ -20,22 +20,19 @@ $newBandwidth = $_COOKIE['zmBandwidth']; -if ( $user && !empty($user['MaxBandwidth']) ) -{ - if ( $user['MaxBandwidth'] == "low" ) - { - unset( $bandwidth_options['high'] ); - unset( $bandwidth_options['medium'] ); - } - elseif ( $user['MaxBandwidth'] == "medium" ) - { - unset( $bandwidth_options['high'] ); - } +# Limit available options to what are available in user +if ( $user && !empty($user['MaxBandwidth']) ) { + if ( $user['MaxBandwidth'] == 'low' ) { + unset($bandwidth_options['high']); + unset($bandwidth_options['medium']); + } else if ( $user['MaxBandwidth'] == 'medium' ) { + unset($bandwidth_options['high']); + } } $focusWindow = true; -xhtmlHeaders(__FILE__, translate('Bandwidth') ); +xhtmlHeaders(__FILE__, translate('Bandwidth')); ?>
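Review bot: The action still stores `$_REQUEST['newBandwidth']` after only `validStr()`, never checking it against the keys of `$bandwidth_options` that the view hunk below trims by `$user['MaxBandwidth']`, so the MaxBandwidth limit is enforced only in the select list and an arbitrary string lands in the zmBandwidth cookie. A server-side check at the top of the `if ( $action == 'bandwidth' ... )` block, e.g. `if ( !in_array($_REQUEST['newBandwidth'], array('low', 'medium', 'high'), true) ) return;` plus the same MaxBandwidth comparison the view applies, would close that; the allowed keys are inferred from the view's unset() calls and should be confirmed against where `$bandwidth_options` is defined. Returning early also keeps `$refreshParent`, `$view` and `$closePopup` from being set for a rejected value. The enclosing `if` starts before the hunk.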
@@ -43,13 +40,14 @@ xhtmlHeaders(__FILE__, translate('Bandwidth') );

-
- + +

-

+

- + +
From 604dbf87769a9f214e9bf59d7bf29a87ac421cbf Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Wed, 30 Jan 2019 14:36:46 -0500 Subject: [PATCH 17/17] fix state changing/etc --- web/includes/actions/state.php | 2 +- web/skins/classic/includes/functions.php | 2 +- web/skins/classic/views/js/state.js | 22 ++++++++--------- web/skins/classic/views/state.php | 6 ++--- web/skins/classic/views/status.php | 31 ++++++++++-------------- 5 files changed, 28 insertions(+), 35 deletions(-) diff --git a/web/includes/actions/state.php b/web/includes/actions/state.php index 70666145e..6b9cbd7cf 100644 --- a/web/includes/actions/state.php +++ b/web/includes/actions/state.php @@ -20,7 +20,7 @@ // System edit actions if ( !canEdit('System') ) { - Warning("Need System Permission to edit states"); + Warning('Need System Permission to edit states'); return; } if ( $action == 'state' ) { diff --git a/web/skins/classic/includes/functions.php b/web/skins/classic/includes/functions.php index c5c98c8e6..703cd49d3 100644 --- a/web/skins/classic/includes/functions.php +++ b/web/skins/classic/includes/functions.php @@ -131,7 +131,7 @@ echo output_link_if_exists( array( var $j = jQuery.noConflict(); // $j is now an alias to the jQuery function; creating the new alias is optional. - + diff --git a/web/skins/classic/views/js/state.js b/web/skins/classic/views/js/state.js index dd208a1c8..583e4f5cb 100644 --- a/web/skins/classic/views/js/state.js +++ b/web/skins/classic/views/js/state.js 
@@ -4,49 +4,47 @@ $j(document).ready(function() { runstate = $j(this).val(); if ( (runstate == 'stop') || (runstate == 'restart') || (runstate == 'start') || (runstate == 'default') ) { - $j("#btnDelete").prop( "disabled", true ); + $j("#btnDelete").prop("disabled", true); } else { - $j("#btnDelete").prop( "disabled", false ); + $j("#btnDelete").prop("disabled", false); } }); // Enable or disable the Save button when entering a new state $j("#newState").keyup(function() { length = $j(this).val().length; - console.log(length); - if (length < 1) { - $j("#btnSave").prop( "disabled", true ); + if ( length < 1 ) { + $j("#btnSave").prop("disabled", true); } else { - $j("#btnSave").prop( "disabled", false ); + $j("#btnSave").prop("disabled", false); } }); // Delete a state $j("#btnDelete").click(function() { - stateStuff( 'delete', $j("#runState").val( )); + stateStuff('delete', $j("#runState").val()); }); // Save a new state $j("#btnSave").click(function() { - stateStuff( 'save', undefined, $j("#newState").val() ); + stateStuff('save', undefined, $j("#newState").val()); }); // Change state $j("#btnApply").click(function() { - stateStuff( 'state', $j("#runState").val() ); + stateStuff('state', $j("#runState").val()); }); - function stateStuff( action, runState, newState ) { + function stateStuff(action, runState, newState) { var formData = { - 'view': 'console', + 'view': 'state', 'action': action, 'apply': 1, 'runState': runState, 'newState': newState }; - console.log(formData); $j("#pleasewait").toggleClass("hidden"); diff --git a/web/skins/classic/views/state.php b/web/skins/classic/views/state.php index 34a92c3df..e2e1e4b0b 100644 --- a/web/skins/classic/views/state.php +++ b/web/skins/classic/views/state.php @@ -18,7 +18,7 @@ // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // -if ( !canEdit( 'System' ) ) { +if ( !canEdit('System') ) { $view = 'error'; return; } @@ -32,7 +32,7 @@ if ( !canEdit( 'System' ) ) {
+
@@ -61,17 +58,15 @@ if ( $row = array_shift( $output ) ) ?>