diff --git a/web/skins/classic/views/js/watch.js.php b/web/skins/classic/views/js/watch.js.php index 829beb0e7..5e6c48914 100644 --- a/web/skins/classic/views/js/watch.js.php +++ b/web/skins/classic/views/js/watch.js.php @@ -44,9 +44,9 @@ var showMode = "'; var maxDisplayEvents = ; -var monitorId = Id ?>; -var monitorWidth = Width ?>; -var monitorHeight = Height ?>; +var monitorId = Id() ?>; +var monitorWidth = Width() ?>; +var monitorHeight = Height() ?>; var scale = ; @@ -61,11 +61,11 @@ var canStreamNative = ; var canPlayPauseAudio = Browser.ie; -CanMoveMap ) { ?> +CanMoveMap() ) { ?> var imageControlMode = "moveMap"; -CanMoveRel ) { ?> +CanMoveRel() ) { ?> var imageControlMode = "movePseudoMap"; -CanMoveCon ) { ?> +CanMoveCon() ) { ?> var imageControlMode = "moveConMap"; var imageControlMode = null; diff --git a/web/skins/classic/views/watch.php b/web/skins/classic/views/watch.php index ad1857f9a..102ae41ac 100644 --- a/web/skins/classic/views/watch.php +++ b/web/skins/classic/views/watch.php 
@@ -25,21 +25,24 @@ if ( !canView( 'Stream' ) ) $view = "error"; return; } -if ( ! visibleMonitor( $_REQUEST['mid'] ) ) { + +// This is for input sanitation +$mid = intval( $_REQUEST['mid'] ); +if ( ! visibleMonitor( $mid ) ) { $view = "error"; return; } $sql = 'SELECT C.*, M.* FROM Monitors AS M LEFT JOIN Controls AS C ON (M.ControlId = C.Id ) WHERE M.Id = ?'; -$monitor = new Monitor( $_REQUEST['mid'] ); +$monitor = new Monitor( $mid ); #dbFetchOne( $sql, NULL, array( $_REQUEST['mid'] ) ); if ( isset($_REQUEST['showControls']) ) $showControls = validInt($_REQUEST['showControls']); else - $showControls = (canView( 'Control' ) && ($monitor->DefaultView == 'Control')); + $showControls = (canView( 'Control' ) && ($monitor->DefaultView() == 'Control')); -$showPtzControls = ( ZM_OPT_CONTROL && $monitor->Controllable && canView( 'Control' ) ); +$showPtzControls = ( ZM_OPT_CONTROL && $monitor->Controllable() && canView( 'Control' ) ); if ( isset( $_REQUEST['scale'] ) ) $scale = validInt($_REQUEST['scale']); @@ -56,7 +59,7 @@ if ( ZM_WEB_STREAM_METHOD == 'mpeg' && ZM_MPEG_LIVE_FORMAT ) elseif ( canStream() ) { $streamMode = "jpeg"; - $streamSrc = $monitor->getStreamSrc( array( "mode=".$streamMode, "scale=".$scale, "maxfps=".ZM_WEB_VIDEO_MAXFPS, "buffer=".$monitor->StreamReplayBuffer ) ); + $streamSrc = $monitor->getStreamSrc( array( "mode=".$streamMode, "scale=".$scale, "maxfps=".ZM_WEB_VIDEO_MAXFPS, "buffer=".$monitor->StreamReplayBuffer() ) ); } else { @@ -99,7 +102,7 @@ if ( $showPtzControls ) if ( canView( 'Control' ) && $monitor->Type() == "Local" ) { ?> -
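Review bot: In the first hunk of watch.php, `intval( $_REQUEST['mid'] )` coerces rather than validates: a missing `mid` becomes 0 (with an undefined-index notice), `12abc` becomes 12 and a non-empty array becomes 1, so a malformed request proceeds against whatever monitor that number names instead of failing. The visibility check and `new Monitor( $mid )` do now share one value, which is the important part, but I would reject bad input outright, assuming monitor ids start at 1: `$mid = filter_var( isset($_REQUEST['mid']) ? $_REQUEST['mid'] : null, FILTER_VALIDATE_INT, array( 'options' => array( 'min_range' => 1 ) ) );` followed by `if ( $mid === false || !visibleMonitor( $mid ) ) {`. The other request parameters in this hunk go through `validInt()`, so the comment should say why `mid` differs, e.g. `// mid must be a positive integer; the same value feeds the visibility check and the Monitor lookup`. The leftover `$sql` string and the commented-out `dbFetchOne( ..., array( $_REQUEST['mid'] ) )` still refer to the raw request value and are probably best deleted so nobody revives them unsanitised.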