Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas

Isaac Connor 2019-01-30 15:19:01 -05:00
commit 2d560a176e
23 changed files with 244 additions and 207 deletions


@ -89,18 +89,21 @@ bool User::canAccess( int monitor_id ) {
// Please note that in auth relay mode = none, password is NULL // Please note that in auth relay mode = none, password is NULL
User *zmLoadUser( const char *username, const char *password ) { User *zmLoadUser( const char *username, const char *password ) {
char sql[ZM_SQL_MED_BUFSIZ] = ""; char sql[ZM_SQL_MED_BUFSIZ] = "";
char safer_username[65]; // current db username size is 32 int username_length = strlen(username);
char *safer_username = new char[(username_length * 2) + 1];
// According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator. // According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator.
mysql_real_escape_string(&dbconn, safer_username, username, strlen( username ) ); mysql_real_escape_string(&dbconn, safer_username, username, username_length );
if ( password ) { if ( password ) {
char safer_password[129]; // current db password size is 64 int password_length = strlen(password);
mysql_real_escape_string(&dbconn, safer_password, password, strlen( password ) ); char *safer_password = new char[(password_length * 2) + 1];
mysql_real_escape_string(&dbconn, safer_password, password, password_length);
snprintf(sql, sizeof(sql), snprintf(sql, sizeof(sql),
"SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
" FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1", " FROM Users WHERE Username = '%s' AND Password = password('%s') AND Enabled = 1",
safer_username, safer_password ); safer_username, safer_password );
delete safer_password;
} else { } else {
snprintf(sql, sizeof(sql), snprintf(sql, sizeof(sql),
"SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds" "SELECT Id, Username, Password, Enabled, Stream+0, Events+0, Control+0, Monitors+0, System+0, MonitorIds"
@ -131,6 +134,7 @@ User *zmLoadUser( const char *username, const char *password ) {
Info("Authenticated user '%s'", user->getUsername()); Info("Authenticated user '%s'", user->getUsername());
mysql_free_result(result); mysql_free_result(result);
delete safer_username;
return user; return user;
} }
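Review bot: `delete safer_password;` and `delete safer_username;` release buffers that were allocated with `new char[...]`, which is undefined behaviour; both need the array form, `delete[] safer_password;` and `delete[] safer_username;`. The only `delete` of `safer_username` visible here sits on the success path just before `return user;`, so any earlier return in the part of zmLoadUser outside these hunks (query failure, no matching row) would leak it; a `std::string` buffer or a single cleanup point would cover every exit. The escaped values are no longer bounded by the old fixed-size buffers, so the `snprintf` into `sql[ZM_SQL_MED_BUFSIZ]` can now truncate the statement; compare its return value with `sizeof(sql)` and reject the login before the query is issued.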


@ -270,14 +270,32 @@ function collectData() {
} }
$index++; $index++;
} }
$sql .= ' where '.join( ' and ', $where ); $sql .= ' WHERE '.join( ' AND ', $where );
} }
if ( $groupSql ) if ( $groupSql )
$sql .= ' GROUP BY '.join( ',', array_unique( $groupSql ) ); $sql .= ' GROUP BY '.join( ',', array_unique( $groupSql ) );
if ( !empty($_REQUEST['sort']) ) { if ( !empty($_REQUEST['sort']) ) {
$sql .= ' order by :sort'; $sql .= ' ORDER BY ';
$values[':sort'] = $_REQUEST['sort']; $sort_fields = explode(',',$_REQUEST['sort']);
} foreach ( $sort_fields as $sort_field ) {
preg_match('/^(\w+)\s*(ASC|DESC)?( NULLS FIRST)?$/i', $sort_field, $matches);
if ( count($matches) ) {
if ( in_array($matches[1], $fieldSql) ) {
$sql .= $matches[1];
} else {
Error('Sort field ' . $matches[1] . ' not in SQL Fields');
}
if ( count($matches) > 2 ) {
$sql .= ' '.strtoupper($matches[2]);
if ( count($matches) > 3 )
$sql .= ' '.strtoupper($matches[3]);
}
} else {
Error("Sort field didn't match regexp $sort_field");
}
} # end foreach sort field
} # end if has sort
if ( !empty($entitySpec['limit']) ) if ( !empty($entitySpec['limit']) )
$limit = $entitySpec['limit']; $limit = $entitySpec['limit'];
elseif ( !empty($_REQUEST['count']) ) elseif ( !empty($_REQUEST['count']) )
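Review bot: The new sort loop appends each accepted field straight onto `$sql` with no separator, so a request naming two fields produces terms run together after `ORDER BY`, and a field that fails the `$fieldSql` check is logged but its direction is still appended, leaving `ORDER BY  DESC`. Only whitelisted names and fixed keywords are emitted, so the result is a rejected statement rather than an injection, but the failing path is reachable from a plain request parameter. Collecting the accepted terms in an array and emitting `ORDER BY` only when that array is non-empty fixes both cases. `collectData()` starts and ends outside this hunk.

```php
if ( !empty($_REQUEST['sort']) ) {
  $order_by = array();
  foreach ( explode(',', $_REQUEST['sort']) as $sort_field ) {
    if ( !preg_match('/^(\w+)\s*(ASC|DESC)?( NULLS FIRST)?$/i', $sort_field, $matches) ) {
      Error("Sort field didn't match regexp $sort_field");
      continue;
    }
    if ( !in_array($matches[1], $fieldSql) ) {
      Error('Sort field ' . $matches[1] . ' not in SQL Fields');
      continue;
    }
    $term = $matches[1];
    if ( !empty($matches[2]) )
      $term .= ' '.strtoupper($matches[2]);
    if ( !empty($matches[3]) )
      $term .= strtoupper($matches[3]);
    $order_by[] = $term;
  } # end foreach sort field
  if ( $order_by )
    $sql .= ' ORDER BY '.join(',', $order_by);
} # end if has sort
```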


@ -23,5 +23,7 @@ if ( $action == 'bandwidth' && isset($_REQUEST['newBandwidth']) ) {
$_COOKIE['zmBandwidth'] = validStr($_REQUEST['newBandwidth']); $_COOKIE['zmBandwidth'] = validStr($_REQUEST['newBandwidth']);
setcookie('zmBandwidth', validStr($_REQUEST['newBandwidth']), time()+3600*24*30*12*10); setcookie('zmBandwidth', validStr($_REQUEST['newBandwidth']), time()+3600*24*30*12*10);
$refreshParent = true; $refreshParent = true;
$view = 'none';
$closePopup = true;
} }
?> ?>


@ -19,63 +19,64 @@
// //
// Event scope actions, view permissions only required // Event scope actions, view permissions only required
if ( canView('Events') ) { if ( !canView('Events') ) {
Warning('You do not have permission to view Events.');
return;
}
if ( isset($_REQUEST['object']) and ( $_REQUEST['object'] == 'filter' ) ) { if ( isset($_REQUEST['object']) and ( $_REQUEST['object'] == 'filter' ) ) {
if ( $action == 'addterm' ) { if ( $action == 'addterm' ) {
$_REQUEST['filter'] = addFilterTerm($_REQUEST['filter'], $_REQUEST['line']); $_REQUEST['filter'] = addFilterTerm($_REQUEST['filter'], $_REQUEST['line']);
} elseif ( $action == 'delterm' ) { } elseif ( $action == 'delterm' ) {
$_REQUEST['filter'] = delFilterTerm($_REQUEST['filter'], $_REQUEST['line']); $_REQUEST['filter'] = delFilterTerm($_REQUEST['filter'], $_REQUEST['line']);
} else if ( canEdit('Events') ) { } else if ( canEdit('Events') ) {
if ( $action == 'delete' ) { if ( $action == 'delete' ) {
if ( ! empty($_REQUEST['Id']) ) { if ( !empty($_REQUEST['Id']) ) {
dbQuery('DELETE FROM Filters WHERE Id=?', array($_REQUEST['Id'])); dbQuery('DELETE FROM Filters WHERE Id=?', array($_REQUEST['Id']));
} }
} else if ( ( $action == 'Save' ) or ( $action == 'SaveAs' ) or ( $action == 'execute' ) ) { } else if ( ( $action == 'Save' ) or ( $action == 'SaveAs' ) or ( $action == 'execute' ) ) {
# or ( $action == 'submit' ) ) {
$sql = ''; $sql = '';
$_REQUEST['filter']['Query']['sort_field'] = validStr($_REQUEST['filter']['Query']['sort_field']); $_REQUEST['filter']['Query']['sort_field'] = validStr($_REQUEST['filter']['Query']['sort_field']);
$_REQUEST['filter']['Query']['sort_asc'] = validStr($_REQUEST['filter']['Query']['sort_asc']); $_REQUEST['filter']['Query']['sort_asc'] = validStr($_REQUEST['filter']['Query']['sort_asc']);
$_REQUEST['filter']['Query']['limit'] = validInt($_REQUEST['filter']['Query']['limit']); $_REQUEST['filter']['Query']['limit'] = validInt($_REQUEST['filter']['Query']['limit']);
if ( $action == 'execute' ) { if ( $action == 'execute' ) {
$tempFilterName = '_TempFilter'.time(); $tempFilterName = '_TempFilter'.time();
$sql .= ' Name = \''.$tempFilterName.'\''; $sql .= ' Name = \''.$tempFilterName.'\'';
} else { } else {
$sql .= ' Name = '.dbEscape($_REQUEST['filter']['Name']); $sql .= ' Name = '.dbEscape($_REQUEST['filter']['Name']);
} }
$sql .= ', Query = '.dbEscape(jsonEncode($_REQUEST['filter']['Query'])); $sql .= ', Query = '.dbEscape(jsonEncode($_REQUEST['filter']['Query']));
$sql .= ', AutoArchive = '.(!empty($_REQUEST['filter']['AutoArchive']) ? 1 : 0); $sql .= ', AutoArchive = '.(!empty($_REQUEST['filter']['AutoArchive']) ? 1 : 0);
$sql .= ', AutoVideo = '. ( !empty($_REQUEST['filter']['AutoVideo']) ? 1 : 0); $sql .= ', AutoVideo = '. ( !empty($_REQUEST['filter']['AutoVideo']) ? 1 : 0);
$sql .= ', AutoUpload = '. ( !empty($_REQUEST['filter']['AutoUpload']) ? 1 : 0); $sql .= ', AutoUpload = '. ( !empty($_REQUEST['filter']['AutoUpload']) ? 1 : 0);
$sql .= ', AutoEmail = '. ( !empty($_REQUEST['filter']['AutoEmail']) ? 1 : 0); $sql .= ', AutoEmail = '. ( !empty($_REQUEST['filter']['AutoEmail']) ? 1 : 0);
$sql .= ', AutoMessage = '. ( !empty($_REQUEST['filter']['AutoMessage']) ? 1 : 0); $sql .= ', AutoMessage = '. ( !empty($_REQUEST['filter']['AutoMessage']) ? 1 : 0);
$sql .= ', AutoExecute = '. ( !empty($_REQUEST['filter']['AutoExecute']) ? 1 : 0); $sql .= ', AutoExecute = '. ( !empty($_REQUEST['filter']['AutoExecute']) ? 1 : 0);
$sql .= ', AutoExecuteCmd = '.dbEscape($_REQUEST['filter']['AutoExecuteCmd']); $sql .= ', AutoExecuteCmd = '.dbEscape($_REQUEST['filter']['AutoExecuteCmd']);
$sql .= ', AutoDelete = '. ( !empty($_REQUEST['filter']['AutoDelete']) ? 1 : 0); $sql .= ', AutoDelete = '. ( !empty($_REQUEST['filter']['AutoDelete']) ? 1 : 0);
if ( !empty($_REQUEST['filter']['AutoMove']) ? 1 : 0) { if ( !empty($_REQUEST['filter']['AutoMove']) ? 1 : 0) {
$sql .= ', AutoMove = 1, AutoMoveTo='. validInt($_REQUEST['filter']['AutoMoveTo']); $sql .= ', AutoMove = 1, AutoMoveTo='. validInt($_REQUEST['filter']['AutoMoveTo']);
} else { } else {
$sql .= ', AutoMove = 0'; $sql .= ', AutoMove = 0';
} }
$sql .= ', UpdateDiskSpace = '. ( !empty($_REQUEST['filter']['UpdateDiskSpace']) ? 1 : 0); $sql .= ', UpdateDiskSpace = '. ( !empty($_REQUEST['filter']['UpdateDiskSpace']) ? 1 : 0);
$sql .= ', Background = '. ( !empty($_REQUEST['filter']['Background']) ? 1 : 0); $sql .= ', Background = '. ( !empty($_REQUEST['filter']['Background']) ? 1 : 0);
$sql .= ', Concurrent = '. ( !empty($_REQUEST['filter']['Concurrent']) ? 1 : 0); $sql .= ', Concurrent = '. ( !empty($_REQUEST['filter']['Concurrent']) ? 1 : 0);
if ( $_REQUEST['Id'] and ( $action == 'Save' ) ) { if ( $_REQUEST['Id'] and ( $action == 'Save' ) ) {
dbQuery('UPDATE Filters SET ' . $sql. ' WHERE Id=?', array($_REQUEST['Id'])); dbQuery('UPDATE Filters SET '.$sql.' WHERE Id=?', array($_REQUEST['Id']));
} else { } else {
dbQuery('INSERT INTO Filters SET' . $sql); dbQuery('INSERT INTO Filters SET'.$sql);
$_REQUEST['Id'] = dbInsertId(); $_REQUEST['Id'] = dbInsertId();
} }
if ( $action == 'execute' ) { if ( $action == 'execute' ) {
executeFilter( $tempFilterName ); executeFilter($_REQUEST['Id']);
} $view = 'events';
}
} // end if save or execute } // end if save or execute
} // end if canEdit(Events) } // end if canEdit(Events)
return; } // end if object == filter
} // end if object == filter
} // end canView(Events)
?> ?>
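Review bot: `AutoExecuteCmd` is taken from the request and stored for any user who passes `canEdit('Events')`, and the `execute` branch then hands the freshly inserted row to `executeFilter()`, which this commit shows invoking zmfilter.pl. If zmfilter.pl runs that stored command, as the column name suggests, Events-edit permission becomes equivalent to running commands as the ZoneMinder user. Consider writing `AutoExecute` and `AutoExecuteCmd` only when `canEdit('System')` also holds, and forcing `AutoExecute = 0` otherwise.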


@ -20,7 +20,7 @@
// System edit actions // System edit actions
if ( !canEdit('System') ) { if ( !canEdit('System') ) {
Warning("Need System Permission to edit states"); Warning('Need System Permission to edit states');
return; return;
} }
if ( $action == 'state' ) { if ( $action == 'state' ) {


@ -51,11 +51,20 @@ function CSPHeaders($view, $nonce) {
case 'blank': case 'blank':
case 'console': case 'console':
case 'controlcap': case 'controlcap':
case 'cycle':
case 'donate':
case 'error':
case 'function': case 'function':
case 'log': case 'log':
case 'logout': case 'logout':
case 'optionhelp':
case 'options': case 'options':
case 'plugin':
case 'postlogin':
case 'privacy': case 'privacy':
case 'server':
case 'state':
case 'status':
case 'storage': case 'storage':
case 'version': { case 'version': {
// Enforce script-src on pages where inline scripts and event handlers have been fixed. // Enforce script-src on pages where inline scripts and event handlers have been fixed.
@ -441,6 +450,9 @@ function makeLink( $url, $label, $condition=1, $options='' ) {
return( $string ); return( $string );
} }
/**
* $label must be already escaped. It can't be done here since it sometimes contains HTML tags.
*/
function makePopupLink( $url, $winName, $winSize, $label, $condition=1, $options='' ) { function makePopupLink( $url, $winName, $winSize, $label, $condition=1, $options='' ) {
// Avoid double-encoding since some consumers incorrectly pass a pre-escaped URL. // Avoid double-encoding since some consumers incorrectly pass a pre-escaped URL.
$string = '<a class="popup-link" href="' . htmlspecialchars($url, ENT_COMPAT | ENT_HTML401, ini_get("default_charset"), false) . '"'; $string = '<a class="popup-link" href="' . htmlspecialchars($url, ENT_COMPAT | ENT_HTML401, ini_get("default_charset"), false) . '"';
@ -958,11 +970,11 @@ Logger::Debug("generating Video $command: result($result outptu:(".implode("\n",
return( $status?"":rtrim($result) ); return( $status?"":rtrim($result) );
} }
function executeFilter( $filter ) { function executeFilter( $filter_id ) {
$command = ZM_PATH_BIN."/zmfilter.pl --filter ".escapeshellarg($filter); $command = ZM_PATH_BIN.'/zmfilter.pl --filter_id '.escapeshellarg($filter_id);
$result = exec( $command, $output, $status ); $result = exec($command, $output, $status);
dbQuery( "delete from Filters where Name like '_TempFilter%'" ); dbQuery('DELETE FROM Filters WHERE Id=?', array($filter_id));
return( $status ); return $status;
} }
# This takes more than one scale amount, so it runs through each and alters dimension. # This takes more than one scale amount, so it runs through each and alters dimension.
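Review bot: `executeFilter()` now deletes whatever row `$filter_id` names, where the old version removed only `_TempFilter%` rows, so a caller that passes the id of a saved filter loses that filter after one run. The one caller visible in this commit always inserts a temporary row first, but nothing in the function enforces it; keeping the name guard, `dbQuery("DELETE FROM Filters WHERE Id=? AND Name LIKE '_TempFilter%'", array($filter_id));`, retains the safety net. `$result` and `$output` from `exec()` are unused, and a non-zero `$status` is returned without being logged.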


@ -51,7 +51,6 @@ require_once('includes/Event.php');
require_once('includes/Group.php'); require_once('includes/Group.php');
require_once('includes/Monitor.php'); require_once('includes/Monitor.php');
if ( if (
(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
or or
@ -118,12 +117,12 @@ $skinBase[] = $skin;
$currentCookieParams = session_get_cookie_params(); $currentCookieParams = session_get_cookie_params();
//Logger::Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)'); //Logger::Debug('Setting cookie parameters to lifetime('.$currentCookieParams['lifetime'].') path('.$currentCookieParams['path'].') domain ('.$currentCookieParams['domain'].') secure('.$currentCookieParams['secure'].') httpOnly(1)');
session_set_cookie_params( session_set_cookie_params(
$currentCookieParams['lifetime'], $currentCookieParams['lifetime'],
$currentCookieParams['path'], $currentCookieParams['path'],
$currentCookieParams['domain'], $currentCookieParams['domain'],
$currentCookieParams['secure'], $currentCookieParams['secure'],
true true
); );
ini_set('session.name', 'ZMSESSID'); ini_set('session.name', 'ZMSESSID');
@ -166,6 +165,7 @@ if ( !is_writable(ZM_DIR_EVENTS) ) {
} }
# Globals # Globals
$action = null;
$error_message = null; $error_message = null;
$redirect = null; $redirect = null;
$view = null; $view = null;
@ -185,9 +185,9 @@ foreach ( getSkinIncludes('skin.php') as $includeFile )
# User Login will be performed in auth.php # User Login will be performed in auth.php
require_once('includes/auth.php'); require_once('includes/auth.php');
if ( isset($_REQUEST['action']) ) { if ( isset($_REQUEST['action']) )
$action = detaintPath($_REQUEST['action']); $action = detaintPath($_REQUEST['action']);
}
# The only variable we really need to set is action. The others are informal. # The only variable we really need to set is action. The others are informal.
isset($view) || $view = NULL; isset($view) || $view = NULL;
@ -244,27 +244,27 @@ if ( $request ) {
require_once $includeFile; require_once $includeFile;
} }
return; return;
} else { }
if ( $includeFiles = getSkinIncludes('views/'.$view.'.php', true, true) ) {
foreach ( $includeFiles as $includeFile ) { if ( $includeFiles = getSkinIncludes('views/'.$view.'.php', true, true) ) {
if ( !file_exists($includeFile) ) foreach ( $includeFiles as $includeFile ) {
Fatal("View '$view' does not exist"); if ( !file_exists($includeFile) )
require_once $includeFile; Fatal("View '$view' does not exist");
} require_once $includeFile;
// If the view overrides $view to 'error', and the user is not logged in, then the
// issue is probably resolvable by logging in, so provide the opportunity to do so.
// The login view should handle redirecting to the correct location afterward.
if ( $view == 'error' && !isset($user) ) {
$view = 'login';
foreach ( getSkinIncludes('views/login.php', true, true) as $includeFile )
require_once $includeFile;
}
} }
// If the view is missing or the view still returned error with the user logged in, // If the view overrides $view to 'error', and the user is not logged in, then the
// then it is not recoverable. // issue is probably resolvable by logging in, so provide the opportunity to do so.
if ( !$includeFiles || $view == 'error' ) { // The login view should handle redirecting to the correct location afterward.
foreach ( getSkinIncludes('views/error.php', true, true) as $includeFile ) if ( $view == 'error' && !isset($user) ) {
$view = 'login';
foreach ( getSkinIncludes('views/login.php', true, true) as $includeFile )
require_once $includeFile; require_once $includeFile;
} }
} }
// If the view is missing or the view still returned error with the user logged in,
// then it is not recoverable.
if ( !$includeFiles || $view == 'error' ) {
foreach ( getSkinIncludes('views/error.php', true, true) as $includeFile )
require_once $includeFile;
}
?> ?>
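Review bot: `session_set_cookie_params()` forces `httponly` but passes `$currentCookieParams['secure']` through unchanged, so the session cookie is marked Secure only if the PHP configuration already says so. The first hunk of this file shows a test on `$_SERVER['HTTPS']`; reusing it for the fourth argument, `$currentCookieParams['secure'] || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')`, would keep ZMSESSID off plain-HTTP requests on HTTPS installs.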


@ -131,7 +131,7 @@ echo output_link_if_exists( array(
var $j = jQuery.noConflict(); var $j = jQuery.noConflict();
// $j is now an alias to the jQuery function; creating the new alias is optional. // $j is now an alias to the jQuery function; creating the new alias is optional.
</script> </script>
<script src="skins/<?php echo $skin; ?>/views/js/state.js"></script> <script src="<?php echo cache_bust('skins/'.$skin.'/views/js/state.js') ?>"></script>
<?php <?php
if ( $title == 'Login' && (defined('ZM_OPT_USE_GOOG_RECAPTCHA') && ZM_OPT_USE_GOOG_RECAPTCHA) ) { if ( $title == 'Login' && (defined('ZM_OPT_USE_GOOG_RECAPTCHA') && ZM_OPT_USE_GOOG_RECAPTCHA) ) {
?> ?>


@ -64,7 +64,7 @@ var popupSizes = {
'stats': {'width': 840, 'height': 200}, 'stats': {'width': 840, 'height': 200},
'storage': {'width': 600, 'height': 405}, 'storage': {'width': 600, 'height': 405},
'timeline': {'width': 760, 'height': 540}, 'timeline': {'width': 760, 'height': 540},
'user': {'width': 360, 'height': 720}, 'user': {'width': 460, 'height': 720},
'version': {'width': 360, 'height': 185}, 'version': {'width': 360, 'height': 185},
'video': {'width': 420, 'height': 360}, 'video': {'width': 420, 'height': 360},
'videoview': {'addWidth': 48, 'addHeight': 80}, 'videoview': {'addWidth': 48, 'addHeight': 80},


@ -20,22 +20,19 @@
$newBandwidth = $_COOKIE['zmBandwidth']; $newBandwidth = $_COOKIE['zmBandwidth'];
if ( $user && !empty($user['MaxBandwidth']) ) # Limit available options to what are available in user
{ if ( $user && !empty($user['MaxBandwidth']) ) {
if ( $user['MaxBandwidth'] == "low" ) if ( $user['MaxBandwidth'] == 'low' ) {
{ unset($bandwidth_options['high']);
unset( $bandwidth_options['high'] ); unset($bandwidth_options['medium']);
unset( $bandwidth_options['medium'] ); } else if ( $user['MaxBandwidth'] == 'medium' ) {
} unset($bandwidth_options['high']);
elseif ( $user['MaxBandwidth'] == "medium" ) }
{
unset( $bandwidth_options['high'] );
}
} }
$focusWindow = true; $focusWindow = true;
xhtmlHeaders(__FILE__, translate('Bandwidth') ); xhtmlHeaders(__FILE__, translate('Bandwidth'));
?> ?>
<body> <body>
<div id="page"> <div id="page">
@ -43,13 +40,14 @@ xhtmlHeaders(__FILE__, translate('Bandwidth') );
<h2><?php echo translate('Bandwidth') ?></h2> <h2><?php echo translate('Bandwidth') ?></h2>
</div> </div>
<div id="content"> <div id="content">
<form name="contentForm" id="contentForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>"> <form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<input type="hidden" name="view" value="none"/> <input type="hidden" name="view" value="bandwidth"/>
<input type="hidden" name="action" value="bandwidth"/> <input type="hidden" name="action" value="bandwidth"/>
<p><?php echo translate('SetNewBandwidth') ?></p> <p><?php echo translate('SetNewBandwidth') ?></p>
<p><?php echo buildSelect( "newBandwidth", $bandwidth_options ) ?></p> <p><?php echo buildSelect('newBandwidth', $bandwidth_options) ?></p>
<div id="contentButtons"> <div id="contentButtons">
<input type="submit" value="<?php echo translate('Save') ?>"/><input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/> <button type="submit" value="Save"><?php echo translate('Save') ?></button>
<button type="button" data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
</div> </div>
</form> </form>
</div> </div>
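Review bot: The form's `action` echoes `$_SERVER['PHP_SELF']` without escaping on the line that switches the method to `post`. PHP_SELF includes any path info the client appends to the script URL, so it needs the same output encoding as other values, `action="<?php echo validHtmlStr($_SERVER['PHP_SELF']) ?>"`, or a fixed relative target such as `action="?"`. Now that the form posts a state change, a CSRF token field would be expected if the skin provides one; none is visible in this hunk.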


@ -63,9 +63,9 @@ foreach( $controls as $control )
{ {
?> ?>
<tr> <tr>
<td class="colName"><?php echo makePopupLink( '?view=controlcap&cid='.$control['Id'], 'zmControlCap', 'controlcap', $control['Name'], canView( 'Control' ) ) ?></td> <td class="colName"><?php echo makePopupLink( '?view=controlcap&cid='.$control['Id'], 'zmControlCap', 'controlcap', validHtmlStr($control['Name']), canView( 'Control' ) ) ?></td>
<td class="colType"><?php echo $control['Type'] ?></td> <td class="colType"><?php echo $control['Type'] ?></td>
<td class="colProtocol"><?php echo $control['Protocol'] ?></td> <td class="colProtocol"><?php echo validHtmlStr($control['Protocol']) ?></td>
<td class="colCanMove"><?php echo $control['CanMove']?translate('Yes'):translate('No') ?></td> <td class="colCanMove"><?php echo $control['CanMove']?translate('Yes'):translate('No') ?></td>
<td class="colCanZoom"><?php echo $control['CanZoom']?translate('Yes'):translate('No') ?></td> <td class="colCanZoom"><?php echo $control['CanZoom']?translate('Yes'):translate('No') ?></td>
<td class="colCanFocus"><?php echo $control['CanFocus']?translate('Yes'):translate('No') ?></td> <td class="colCanFocus"><?php echo $control['CanFocus']?translate('Yes'):translate('No') ?></td>
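Review bot: `$control['Type']` in the `colType` cell is still echoed raw while `Name` and `Protocol` beside it gained `validHtmlStr()`; if Type is free text in the table it needs the same escaping, `<?php echo validHtmlStr($control['Type']) ?>`. `$control['Id']` is also concatenated into the popup URL as-is; wrapping it in `validInt()` would make the assumption that it is numeric explicit. The loop body continues outside this hunk.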


@ -79,7 +79,9 @@ $pagination = getPagination($pages, $page, $maxShortcuts, $filterQuery.$sortQuer
$focusWindow = true; $focusWindow = true;
if ( $_POST ) { if ( $_POST ) {
header('Location: ' . $_SERVER['REQUEST_URI'].htmlspecialchars_decode($filterQuery).htmlspecialchars_decode($sortQuery).$limitQuery.'&page='.$page); // I think this is basically so that a refresh doesn't repost
Logger::Debug("Redirecting to " . $_SERVER['REQUEST_URI']);
header('Location: ?view=' . $view.htmlspecialchars_decode($filterQuery).htmlspecialchars_decode($sortQuery).$limitQuery.'&page='.$page);
exit(); exit();
} }
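Review bot: The added `Logger::Debug` line reports `$_SERVER['REQUEST_URI']` as the redirect target, but the `Location` header that follows no longer uses it, so the log entry is misleading and also writes a client-supplied string into the log. Build the relative target once in a variable and pass that same variable to both `Logger::Debug` and `header()`. `$view` and `$page` are set outside this hunk; if either can carry request data it should go through `urlencode()` or `validInt()` before being placed in the header.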


@ -50,7 +50,7 @@ if ( isset($_REQUEST['sort_field']) && isset($_REQUEST['filter']) ) {
} }
if ( isset($_REQUEST['filter']) ) { if ( isset($_REQUEST['filter']) ) {
$filter->set( $_REQUEST['filter'] ); $filter->set($_REQUEST['filter']);
# Update our filter object with whatever changes we have made before saving # Update our filter object with whatever changes we have made before saving
} }
@ -58,7 +58,7 @@ $conjunctionTypes = getFilterQueryConjunctionTypes();
$obracketTypes = array(); $obracketTypes = array();
$cbracketTypes = array(); $cbracketTypes = array();
if (count($filter->terms()) > 0) { if ( count($filter->terms()) > 0 ) {
$terms = $filter->terms(); $terms = $filter->terms();
} else { } else {
$terms[] = array(); $terms[] = array();
@ -177,9 +177,9 @@ if ( (null !== $filter->Concurrent()) and $filter->Concurrent() )
?> ?>
</div> </div>
</form> </form>
<form name="contentForm" id="contentForm" method="post" class="validateFormOnSubmit"> <form name="contentForm" id="contentForm" method="post" class="validateFormOnSubmit" action="?view=filter">
<input type="hidden" name="Id" value="<?php echo $filter->Id() ?>"/> <input type="hidden" name="Id" value="<?php echo $filter->Id() ?>"/>
<input type="hidden" name="action" value=""/> <input type="hidden" name="action"/>
<input type="hidden" name="object" value="filter"/> <input type="hidden" name="object" value="filter"/>
<hr/> <hr/>
@ -393,7 +393,7 @@ if ( ZM_OPT_MESSAGE ) {
</p> </p>
<p><label><?php echo translate('FilterMoveEvents') ?></label> <p><label><?php echo translate('FilterMoveEvents') ?></label>
<input type="checkbox" name="filter[AutoMove]" value="1"<?php if ( $filter->AutoMove() ) { ?> checked="checked"<?php } ?> onclick="updateButtons(this);if(this.checked){$j(this.form.elements['filter[AutoMoveTo]']).css('display','inline');}else{this.form.elements['filter[AutoMoveTo]'].hide();};"/> <input type="checkbox" name="filter[AutoMove]" value="1"<?php if ( $filter->AutoMove() ) { ?> checked="checked"<?php } ?> onclick="updateButtons(this);if(this.checked){$j(this.form.elements['filter[AutoMoveTo]']).css('display','inline');}else{this.form.elements['filter[AutoMoveTo]'].hide();};"/>
<?php echo htmlSelect( "filter[AutoMoveTo]", $storageareas, $filter->AutoMoveTo(), $filter->AutoMove() ? null : array('style'=>'display:none;' ) ); ?> <?php echo htmlSelect('filter[AutoMoveTo]', $storageareas, $filter->AutoMoveTo(), $filter->AutoMove() ? null : array('style'=>'display:none;' )); ?>
</p> </p>
<p> <p>
<label for="background"><?php echo translate('BackgroundFilter') ?></label> <label for="background"><?php echo translate('BackgroundFilter') ?></label>
@ -408,7 +408,7 @@ if ( ZM_OPT_MESSAGE ) {
<div id="contentButtons"> <div id="contentButtons">
<button type="submit" data-on-click-this="submitToEvents"><?php echo translate('ListMatches') ?></button> <button type="submit" data-on-click-this="submitToEvents"><?php echo translate('ListMatches') ?></button>
<button type="button" data-on-click-this="submitToExport"><?php echo translate('ExportMatches') ?></button> <button type="button" data-on-click-this="submitToExport"><?php echo translate('ExportMatches') ?></button>
<button type="submit" name="executeButton" id="executeButton" data-on-click-this="executeFilter"><?php echo translate('Execute') ?></button> <button type="button" name="executeButton" id="executeButton" data-on-click-this="executeFilter"><?php echo translate('Execute') ?></button>
<?php <?php
if ( canEdit('Events') ) { if ( canEdit('Events') ) {
?> ?>


@ -7,20 +7,21 @@ function validateForm( form ) {
obrCount += parseInt(form.elements['filter[Query][terms][' + i + '][obr]'].value); obrCount += parseInt(form.elements['filter[Query][terms][' + i + '][obr]'].value);
cbrCount += parseInt(form.elements['filter[Query][terms][' + i + '][cbr]'].value); cbrCount += parseInt(form.elements['filter[Query][terms][' + i + '][cbr]'].value);
} }
if (form.elements['filter[Query][terms][' + i + '][val]'].value == '') { if ( form.elements['filter[Query][terms][' + i + '][val]'].value == '' ) {
alert( errorValue ); alert(errorValue);
return false; return false;
} }
} }
if (obrCount - cbrCount != 0) { if ( (obrCount - cbrCount) != 0 ) {
alert( errorBrackets ); alert(errorBrackets);
return false; return false;
} }
var numbers_reg = /\D/; var numbers_reg = /\D/;
if ( numbers_reg.test( form.elements['filter[Query][limit]'].value ) ) { if ( numbers_reg.test(form.elements['filter[Query][limit]'].value) ) {
alert( "There appear to be non-numeric characters in your limit. Limit must be a positive integer value or empty." ); alert("There appear to be non-numeric characters in your limit. Limit must be a positive integer value or empty.");
return false; return false;
} }
console.log("Success validating");
return true; return true;
} }
@ -88,9 +89,10 @@ function submitToExport(element) {
function executeFilter( element ) { function executeFilter( element ) {
var form = element.form; var form = element.form;
form.action = thisUrl + '?view=events'; form.action = thisUrl + '?view=filter';
form.elements['action'].value = 'execute'; form.elements['action'].value = 'execute';
history.replaceState(null, null, '?view=filter&' + $j(form).serialize()); form.submit();
//history.replaceState(null, null, '?view=filter&' + $j(form).serialize());
} }
function saveFilter( element ) { function saveFilter( element ) {
@ -235,12 +237,12 @@ function stringFilter(term) {
function addTerm( element ) { function addTerm( element ) {
var row = $j(element).closest('tr'); var row = $j(element).closest('tr');
row.find('select').chosen("destroy"); row.find('select').chosen('destroy');
var newRow = row.clone().insertAfter(row); var newRow = row.clone().insertAfter(row);
row.find('select').chosen({width: "101%"}); row.find('select').chosen({width: '101%'});
newRow.find('select').each( function() { //reset new row to default newRow.find('select').each( function() { //reset new row to default
this[0].selected = 'selected'; this[0].selected = 'selected';
}).chosen({width: "101%"}); }).chosen({width: '101%'});
newRow.find('input[type="text"]').val(''); newRow.find('input[type="text"]').val('');
var rows = $j(row).parent().children(); var rows = $j(row).parent().children();
parseRows(rows); parseRows(rows);
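Review bot: `executeFilter()` now calls `form.submit()` directly, and a scripted `submit()` does not fire the form's submit event, so whatever the `validateFormOnSubmit` class hooks up is skipped for Execute now that the button is `type="button"`. Calling the validator first, `if ( validateForm(form) ) form.submit();`, keeps the bracket and limit checks in play on the client. The added `console.log("Success validating");` looks like leftover debugging and can go, as can the commented-out `history.replaceState` line.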


@ -4,49 +4,47 @@ $j(document).ready(function() {
runstate = $j(this).val(); runstate = $j(this).val();
if ( (runstate == 'stop') || (runstate == 'restart') || (runstate == 'start') || (runstate == 'default') ) { if ( (runstate == 'stop') || (runstate == 'restart') || (runstate == 'start') || (runstate == 'default') ) {
$j("#btnDelete").prop( "disabled", true ); $j("#btnDelete").prop("disabled", true);
} else { } else {
$j("#btnDelete").prop( "disabled", false ); $j("#btnDelete").prop("disabled", false);
} }
}); });
// Enable or disable the Save button when entering a new state // Enable or disable the Save button when entering a new state
$j("#newState").keyup(function() { $j("#newState").keyup(function() {
length = $j(this).val().length; length = $j(this).val().length;
console.log(length); if ( length < 1 ) {
if (length < 1) { $j("#btnSave").prop("disabled", true);
$j("#btnSave").prop( "disabled", true );
} else { } else {
$j("#btnSave").prop( "disabled", false ); $j("#btnSave").prop("disabled", false);
} }
}); });
// Delete a state // Delete a state
$j("#btnDelete").click(function() { $j("#btnDelete").click(function() {
stateStuff( 'delete', $j("#runState").val( )); stateStuff('delete', $j("#runState").val());
}); });
// Save a new state // Save a new state
$j("#btnSave").click(function() { $j("#btnSave").click(function() {
stateStuff( 'save', undefined, $j("#newState").val() ); stateStuff('save', undefined, $j("#newState").val());
}); });
// Change state // Change state
$j("#btnApply").click(function() { $j("#btnApply").click(function() {
stateStuff( 'state', $j("#runState").val() ); stateStuff('state', $j("#runState").val());
}); });
function stateStuff( action, runState, newState ) { function stateStuff(action, runState, newState) {
var formData = { var formData = {
'view': 'console', 'view': 'state',
'action': action, 'action': action,
'apply': 1, 'apply': 1,
'runState': runState, 'runState': runState,
'newState': newState 'newState': newState
}; };
console.log(formData);
$j("#pleasewait").toggleClass("hidden"); $j("#pleasewait").toggleClass("hidden");
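Review bot: `runstate = $j(this).val();` and `length = $j(this).val().length;` assign to undeclared names, so in non-strict code both become globals shared with every other script on the page. Declare them locally, `var runstate = $j(this).val();` and `var length = $j(this).val().length;`. The `stateStuff()` body continues outside this hunk.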


@ -734,11 +734,13 @@ function Polygon_calcArea( coords ) {
var n_coords = coords.length; var n_coords = coords.length;
var float_area = 0.0; var float_area = 0.0;
for ( i = 0, j = n_coords-1; i < n_coords; j = i++ ) { for ( i = 0; i < n_coords-1; i++ ) {
var trap_area = ( ( coords[i].x - coords[j].x ) * ( coords[i].y + coords[j].y ) ) / 2; var trap_area = (coords[i].x*coords[i+1].y - coords[i+1].x*coords[i].y) / 2;
float_area += trap_area; float_area += trap_area;
//printf( "%.2f (%.2f)\n", float_area, trap_area ); //printf( "%.2f (%.2f)\n", float_area, trap_area );
} }
float_area += (coords[n_coords-1].x*coords[0].y - coords[0].x*coords[n_coords-1].y) / 2;
return Math.round( Math.abs( float_area ) ); return Math.round( Math.abs( float_area ) );
} }
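Review bot: With an empty `coords` array the closing term added after the loop reads `.x` on `coords[n_coords-1]`, which is `undefined`, and throws, where the old loop simply returned 0. A guard at the top, `if ( n_coords < 3 ) return 0;`, covers the empty and degenerate cases with the same result the formula gives for one or two points. The loop counter `i` is also assigned without `var`, so it leaks into the global scope.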


@ -32,6 +32,12 @@ require_once($skinJsPhpFile);
?> ?>
</script> </script>
<script src="<?php echo cache_bust($skinJsFile) ?>"></script> <script src="<?php echo cache_bust($skinJsFile) ?>"></script>
<script nonce="<?php echo $cspNonce ?>">
<?php
if ( !$debug )
echo 'closeWindow();';
?>
</script>
</head> </head>
<body> <body>
</body> </body>


@ -36,7 +36,8 @@ if ( $zid > 0 ) {
return; return;
} }
$monitor = dbFetchMonitor ( $mid ); $monitor = dbFetchMonitor ( $mid );
$plugin = $_REQUEST['pl']; // Only allow certain filename characters (not including a period) to prevent directory traversal.
$plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']);
$plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin; $plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin;
@ -103,7 +104,7 @@ function pLang($name)
<body> <body>
<div id="page"> <div id="page">
<div id="header"> <div id="header">
<h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo $plugin ?></h2> <h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo validHtmlStr($plugin) ?></h2>
</div> </div>
<div id="content"> <div id="content">
<form name="pluginForm" id="pluginForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>"> <form name="pluginForm" id="pluginForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
@ -111,7 +112,7 @@ function pLang($name)
<input type="hidden" name="action" value="plugin"/> <input type="hidden" name="action" value="plugin"/>
<input type="hidden" name="mid" value="<?php echo $mid ?>"/> <input type="hidden" name="mid" value="<?php echo $mid ?>"/>
<input type="hidden" name="zid" value="<?php echo $zid ?>"/> <input type="hidden" name="zid" value="<?php echo $zid ?>"/>
<input type="hidden" name="pl" value="<?php echo $plugin ?>"/> <input type="hidden" name="pl" value="<?php echo validHtmlStr($plugin) ?>"/>
<div id="settingsPanel"> <div id="settingsPanel">
<table id="pluginSettings" cellspacing="0"> <table id="pluginSettings" cellspacing="0">
@ -143,8 +144,9 @@ foreach($pluginOptions as $name => $popt)
<?php <?php
} }
?> ?>
</td>
</select> </select>
</td>
<?php <?php
break; break;
case "text": case "text":
@ -158,7 +160,7 @@ foreach($pluginOptions as $name => $popt)
?> ?>
</tbody> </tbody>
</table> </table>
<input type="submit" id="submitBtn" name="submitBtn" value="<?php echo translate('Save') ?>" onclick="return saveChanges( this )"<?php if (!canEdit( 'Monitors' ) || (false && $selfIntersecting)) { ?> disabled="disabled"<?php } ?>/> <input type="submit" id="submitBtn" name="submitBtn" value="<?php echo translate('Save') ?>" <?php if (!canEdit( 'Monitors' ) || (false && $selfIntersecting)) { ?> disabled="disabled"<?php } ?>/>
<input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/> <input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
</div> </div>
</form> </form>
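Review bot: The `<h2>` line that now wraps `$plugin` in `validHtmlStr()` still echoes `$monitor['Name']` and `$newZone['Name']` raw, and both are stored names that end up in the page markup. I would escape them the same way on that line: `<?php echo validHtmlStr($monitor['Name']) ?>` and `<?php echo validHtmlStr($newZone['Name']) ?>`. The form's `action="<?php echo $_SERVER['PHP_SELF'] ?>"` on the context line below it is request-derived and unescaped as well; `htmlspecialchars($_SERVER['PHP_SELF'])` would cover it. The new `preg_replace()` also assumes `$_REQUEST['pl']` is present and a string, which the visible lines do not check.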


@ -18,7 +18,7 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
// //
if ( !canEdit( 'System' ) ) { if ( !canEdit('System') ) {
$view = 'error'; $view = 'error';
return; return;
} }
@ -32,7 +32,7 @@ if ( !canEdit( 'System' ) ) {
<h2 class="modal-title"><?php echo translate('RunState') ?></h2> <h2 class="modal-title"><?php echo translate('RunState') ?></h2>
</div> </div>
<div class="modal-body"> <div class="modal-body">
<input type="hidden" name="view" value="<?php echo $view ?>"/> <input type="hidden" name="view" value="state"/>
<input type="hidden" name="action" value="state"/> <input type="hidden" name="action" value="state"/>
<input type="hidden" name="apply" value="1"/> <input type="hidden" name="apply" value="1"/>
@ -51,7 +51,7 @@ if ( $running ) {
<option value="start" selected="selected"><?php echo translate('Start') ?></option> <option value="start" selected="selected"><?php echo translate('Start') ?></option>
<?php <?php
} }
$states = dbFetchAll( 'SELECT * FROM States' ); $states = dbFetchAll('SELECT * FROM States');
foreach ( $states as $state ) { foreach ( $states as $state ) {
?> ?>
<option value="<?php echo $state['Name'] ?>"><?php echo $state['Name'] ?></option> <option value="<?php echo $state['Name'] ?>"><?php echo $state['Name'] ?></option>
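Review bot: `$state['Name']` is written into both the `value` attribute and the option text without escaping in the last hunk, while the rest of this commit wraps comparable fields in `validHtmlStr()`. The rows come straight from `SELECT * FROM States`, and state names appear to be user-supplied (inferred from the `newState` form field, which is not shown in this file), so I would emit `<option value="<?php echo validHtmlStr($state['Name']) ?>"><?php echo validHtmlStr($state['Name']) ?></option>`. The `foreach` body continues past the end of the hunk.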


@ -18,20 +18,19 @@
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
// //
if ( !canView( 'System' ) ) if ( !canView('System') ) {
{ $view = 'error';
$view = "error"; return;
return;
} }
$zmuCommand = getZmuCommand( " --list" ); $zmuCommand = getZmuCommand(' --list');
$result = exec( escapeshellcmd( $zmuCommand ), $output ); $result = exec(escapeshellcmd($zmuCommand), $output);
$refresh = ZM_WEB_REFRESH_STATUS; $refresh = ZM_WEB_REFRESH_STATUS;
$url = '?view='.$view; $url = '?view='.$view;
noCacheHeaders(); noCacheHeaders();
xhtmlHeaders(__FILE__, translate('Status') ); xhtmlHeaders(__FILE__, translate('Status'));
?> ?>
<body> <body>
<div id="page"> <div id="page">
@ -39,20 +38,18 @@ xhtmlHeaders(__FILE__, translate('Status') );
<h2><?php echo translate('Status') ?></h2> <h2><?php echo translate('Status') ?></h2>
</div> </div>
<div id="content"> <div id="content">
<table id="contentTable" class="major" cellspacing="0"> <table id="contentTable" class="major">
<?php <?php
if ( $row = array_shift( $output ) ) if ( $row = array_shift($output) ) {
{
?> ?>
<thead> <thead>
<tr> <tr>
<?php <?php
foreach ( preg_split( "/\s+/", $row ) as $col ) foreach ( preg_split('/\s+/', $row) as $col ) {
{
?> ?>
<th><?php echo $col ?></th> <th><?php echo $col ?></th>
<?php <?php
} }
?> ?>
</tr> </tr>
</thead> </thead>
@ -61,17 +58,15 @@ if ( $row = array_shift( $output ) )
?> ?>
<tbody> <tbody>
<?php <?php
foreach ( $output as $row ) foreach ( $output as $row ) {
{
?> ?>
<tr> <tr>
<?php <?php
foreach ( preg_split( "/\s+/", $row ) as $col ) foreach ( preg_split('/\s+/', $row) as $col ) {
{
?> ?>
<td><?php echo $col ?></td> <td><?php echo $col ?></td>
<?php <?php
} }
?> ?>
</tr> </tr>
<?php <?php
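Review bot: Each `$col` split from the `zmu --list` output is echoed into `<th>` and `<td>` without escaping, and the reformatting leaves that as it was. If any column can carry text an operator chose (monitor names, presumably), it should be escaped before it reaches the page: `<th><?php echo validHtmlStr($col) ?></th>` and `<td><?php echo validHtmlStr($col) ?></td>`. `$result` from `exec()` is never checked either, so a failed zmu call silently renders an empty table. The closing braces of the row loops lie outside the hunks.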


@ -20,15 +20,14 @@
$selfEdit = ZM_USER_SELF_EDIT && $_REQUEST['uid'] == $user['Id']; $selfEdit = ZM_USER_SELF_EDIT && $_REQUEST['uid'] == $user['Id'];
if ( !canEdit( 'System' ) && !$selfEdit ) if ( !canEdit('System') && !$selfEdit ) {
{ $view = 'error';
$view = "error"; return;
return;
} }
if ( $_REQUEST['uid'] ) { if ( $_REQUEST['uid'] ) {
if ( !($newUser = dbFetchOne( 'SELECT * FROM Users WHERE Id = ?', NULL, ARRAY($_REQUEST['uid'])) ) ) { if ( !($newUser = dbFetchOne('SELECT * FROM Users WHERE Id = ?', NULL, ARRAY($_REQUEST['uid']))) ) {
$view = "error"; $view = 'error';
return; return;
} }
} else { } else {
@ -38,29 +37,28 @@ if ( $_REQUEST['uid'] ) {
$newUser['MonitorIds'] = ''; $newUser['MonitorIds'] = '';
} }
$monitorIds = array_flip(explode( ',', $newUser['MonitorIds'] )); $monitorIds = array_flip(explode(',', $newUser['MonitorIds']));
$yesno = array( 0=>translate('No'), 1=>translate('Yes') ); $yesno = array( 0=>translate('No'), 1=>translate('Yes') );
$nv = array( 'None'=>translate('None'), 'View'=>translate('View') ); $nv = array( 'None'=>translate('None'), 'View'=>translate('View') );
$nve = array( 'None'=>translate('None'), 'View'=>translate('View'), 'Edit'=>translate('Edit') ); $nve = array( 'None'=>translate('None'), 'View'=>translate('View'), 'Edit'=>translate('Edit') );
$bandwidths = array_merge( array( ""=>"" ), $bandwidth_options ); $bandwidths = array_merge( array( ''=>'' ), $bandwidth_options );
$langs = array_merge( array( ""=>"" ), getLanguages() ); $langs = array_merge( array( ''=>'' ), getLanguages() );
$sql = "select Id,Name from Monitors order by Sequence asc"; $sql = 'SELECT Id,Name FROM Monitors ORDER BY Sequence ASC';
$monitors = array(); $monitors = array();
foreach( dbFetchAll( $sql ) as $monitor ) foreach( dbFetchAll($sql) as $monitor ) {
{ $monitors[] = $monitor;
$monitors[] = $monitor;
} }
$focusWindow = true; $focusWindow = true;
xhtmlHeaders(__FILE__, translate('User')." - ".$newUser['Username'] ); xhtmlHeaders(__FILE__, translate('User').' - '.$newUser['Username']);
?> ?>
<body> <body>
<div id="page"> <div id="page">
<div id="header"> <div id="header">
<h2><?php echo translate('User')." - ".$newUser['Username'] ?></h2> <h2><?php echo translate('User').' - '.$newUser['Username'] ?></h2>
</div> </div>
<div id="content"> <div id="content">
<form name="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" onsubmit="return validateForm( this, <?php echo empty($newUser['Password'])?'true':'false' ?> )"> <form name="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" onsubmit="return validateForm( this, <?php echo empty($newUser['Password'])?'true':'false' ?> )">
@ -68,11 +66,10 @@ xhtmlHeaders(__FILE__, translate('User')." - ".$newUser['Username'] );
<input type="hidden" name="action" value="user"/> <input type="hidden" name="action" value="user"/>
<input type="hidden" name="uid" value="<?php echo validHtmlStr($_REQUEST['uid']) ?>"/> <input type="hidden" name="uid" value="<?php echo validHtmlStr($_REQUEST['uid']) ?>"/>
<input type="hidden" name="newUser[MonitorIds]" value="<?php echo $newUser['MonitorIds'] ?>"/> <input type="hidden" name="newUser[MonitorIds]" value="<?php echo $newUser['MonitorIds'] ?>"/>
<table id="contentTable" class="major" cellspacing="0"> <table id="contentTable" class="major">
<tbody> <tbody>
<?php <?php
if ( canEdit( 'System' ) ) if ( canEdit('System') ) {
{
?> ?>
<tr> <tr>
<th scope="row"><?php echo translate('Username') ?></th> <th scope="row"><?php echo translate('Username') ?></th>
@ -83,19 +80,18 @@ if ( canEdit( 'System' ) )
?> ?>
<tr> <tr>
<th scope="row"><?php echo translate('NewPassword') ?></th> <th scope="row"><?php echo translate('NewPassword') ?></th>
<td><input type="password" name="newUser[Password]" value=""/></td> <td><input type="password" name="newUser[Password]"/></td>
</tr> </tr>
<tr> <tr>
<th scope="row"><?php echo translate('ConfirmPassword') ?></th> <th scope="row"><?php echo translate('ConfirmPassword') ?></th>
<td><input type="password" name="conf_password" value=""/></td> <td><input type="password" name="conf_password"/></td>
</tr> </tr>
<tr> <tr>
<th scope="row"><?php echo translate('Language') ?></th> <th scope="row"><?php echo translate('Language') ?></th>
<td><?php echo buildSelect( "newUser[Language]", $langs ) ?></td> <td><?php echo buildSelect( "newUser[Language]", $langs ) ?></td>
</tr> </tr>
<?php <?php
if ( canEdit( 'System' ) ) if ( canEdit('System') ) {
{
?> ?>
<tr> <tr>
<th scope="row"><?php echo translate('Enabled') ?></th> <th scope="row"><?php echo translate('Enabled') ?></th>
@ -134,14 +130,12 @@ if ( canEdit( 'System' ) )
<td> <td>
<select name="monitorIds" size="4" multiple="multiple"> <select name="monitorIds" size="4" multiple="multiple">
<?php <?php
foreach ( $monitors as $monitor ) foreach ( $monitors as $monitor ) {
{ if ( visibleMonitor($monitor['Id']) ) {
if ( visibleMonitor( $monitor['Id'] ) )
{
?> ?>
<option value="<?php echo $monitor['Id'] ?>"<?php if ( array_key_exists( $monitor['Id'], $monitorIds ) ) { ?> selected="selected"<?php } ?>><?php echo htmlentities($monitor['Name']) ?></option> <option value="<?php echo $monitor['Id'] ?>"<?php if ( array_key_exists($monitor['Id'], $monitorIds) ) { ?> selected="selected"<?php } ?>><?php echo htmlentities($monitor['Name']) ?></option>
<?php <?php
} }
} }
?> ?>
</select> </select>
@ -153,7 +147,8 @@ if ( canEdit( 'System' ) )
</tbody> </tbody>
</table> </table>
<div id="contentButtons"> <div id="contentButtons">
<input type="submit" value="<?php echo translate('Save') ?>"/><input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/> <button type="submit" value="Save"><?php echo translate('Save') ?></button>
<button type="button" data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
</div> </div>
</form> </form>
</div> </div>
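Review bot: `$newUser['Username']` is concatenated into the `<h2>` and into the `xhtmlHeaders()` title without escaping on lines this commit rewrites, and `$newUser['MonitorIds']` goes raw into a hidden input's `value`. The same file already uses `validHtmlStr()` for `uid` and `htmlentities()` for monitor names, so I would make these consistent: `<h2><?php echo translate('User').' - '.validHtmlStr($newUser['Username']) ?></h2>` and `value="<?php echo validHtmlStr($newUser['MonitorIds']) ?>"`. Whether `xhtmlHeaders()` escapes its title itself is not visible here. The first line also reads `$_REQUEST['uid']` without an `isset()` check, which raises a notice when the parameter is absent.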


@ -145,10 +145,10 @@ if ( $showPtzControls ) {
</div> </div>
<?php <?php
} }
if ( canView( 'Events' ) && $monitor->Type() != 'WebSite' ) { if ( canView('Events') && ($monitor->Type() != 'WebSite') ) {
?> ?>
<div id="events"> <div id="events">
<table id="eventList" cellspacing="0"> <table id="eventList">
<thead> <thead>
<tr> <tr>
<th class="colId"><?php echo translate('Id') ?></th> <th class="colId"><?php echo translate('Id') ?></th>


@ -74,8 +74,8 @@ xhtmlHeaders(__FILE__, translate('Zones') );
foreach( $zones as $zone ) { foreach( $zones as $zone ) {
?> ?>
<tr> <tr>
<td class="colName"><?php echo makePopupLink('?view=zone&mid=' . $mid . '&zid=' . $zone['Id'], 'zmZone', array('zone', $monitor->Width(), $monitor->Height()), $zone['Name'], true, 'onclick="streamCmdQuit( true ); return( false );"'); ?></td> <td class="colName"><?php echo makePopupLink('?view=zone&mid=' . $mid . '&zid=' . $zone['Id'], 'zmZone', array('zone', $monitor->Width(), $monitor->Height()), validHtmlStr($zone['Name']), true, 'onclick="streamCmdQuit( true ); return( false );"'); ?></td>
<td class="colType"><?php echo $zone['Type'] ?></td> <td class="colType"><?php echo validHtmlStr($zone['Type']) ?></td>
<td class="colUnits"><?php echo $zone['Area'] ?>&nbsp;/&nbsp;<?php echo sprintf( "%.2f", ($zone['Area']*100)/($monitor->Width()*$monitor->Height()) ) ?></td> <td class="colUnits"><?php echo $zone['Area'] ?>&nbsp;/&nbsp;<?php echo sprintf( "%.2f", ($zone['Area']*100)/($monitor->Width()*$monitor->Height()) ) ?></td>
<td class="colMark"><input type="checkbox" name="markZids[]" value="<?php echo $zone['Id'] ?>" data-on-click-this="configureDeleteButton"<?php if ( !canEdit( 'Monitors' ) ) { ?> disabled="disabled"<?php } ?>/></td> <td class="colMark"><input type="checkbox" name="markZids[]" value="<?php echo $zone['Id'] ?>" data-on-click-this="configureDeleteButton"<?php if ( !canEdit( 'Monitors' ) ) { ?> disabled="disabled"<?php } ?>/></td>
</tr> </tr>