Merge branch 'master' into storageareas

Isaac Connor 2019-02-10 12:37:45 -05:00
commit 555cb4780d
75 changed files with 251 additions and 160 deletions


@ -3035,7 +3035,7 @@ our @options = (
},
{
name => 'ZM_WEB_H_REFRESH_NAVBAR',
default => '5',
default => '60',
description => 'How often (in seconds) the navigation header should refresh itself',
help => q`
The navigation header contains the general status information about server load and storage space.
@ -3308,7 +3308,7 @@ our @options = (
},
{
name => 'ZM_WEB_M_REFRESH_NAVBAR',
default => '15',
default => '120',
description => 'How often (in seconds) the navigation header should refresh itself',
help => q`
The navigation header contains the general status information about server load and storage space.
@ -3581,7 +3581,7 @@ our @options = (
},
{
name => 'ZM_WEB_L_REFRESH_NAVBAR',
default => '35',
default => '180',
description => 'How often (in seconds) the navigation header should refresh itself',
help => q`
The navigation header contains the general status information about server load and storage space.


@ -15,7 +15,7 @@ switch ( $_REQUEST['task'] ) {
$file = !empty($_POST['file']) ? preg_replace( '/\w+:\/\/[\w.:]+\//', '', $_POST['file'] ) : '';
if ( !empty( $_POST['line'] ) )
$line = $_POST['line'];
$line = validInt($_POST['line']);
else
$line = NULL;


@ -50,9 +50,8 @@ class Frame {
}
public function getImageSrc( $show='capture' ) {
return $_SERVER['PHP_SELF'].'?view=image&fid='.$this->{'FrameId'}.'&eid='.$this->{'EventId'}.'&show='.$show;
#return $_SERVER['PHP_SELF'].'?view=image&fid='.$this->{'Id'}.'&show='.$show.'&filename='.$this->Event()->MonitorId().'_'.$this->{'EventId'}.'_'.$this->{'FrameId'}.'.jpg';
return '?view=image&fid='.$this->{'FrameId'}.'&eid='.$this->{'EventId'}.'&show='.$show;
#return '?view=image&fid='.$this->{'Id'}.'&show='.$show.'&filename='.$this->Event()->MonitorId().'_'.$this->{'EventId'}.'_'.$this->{'FrameId'}.'.jpg';
} // end function getImageSrc
public static function find( $parameters = array(), $options = NULL ) {


@ -331,6 +331,20 @@ private $control_fields = array(
return $this->defaults{$field};
} // end function Height
public function SignalCheckColour($new=null) {
$field = 'SignalCheckColour';
if ($new) {
$this->{$field} = $new;
}
// Validate that it's a valid colour (we seem to allow color names, not just hex).
// This also helps prevent XSS.
if (array_key_exists($field, $this) && preg_match('/^[#0-9a-zA-Z]+$/', $this->{$field})) {
return $this->{$field};
}
return $this->defaults{$field};
} // end function SignalCheckColour
public function set($data) {
foreach ($data as $k => $v) {
if ( method_exists($this, $k) ) {
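Review bot: In `SignalCheckColour()` the pattern `/^[#0-9a-zA-Z]+$/` also accepts a value that ends in a line break, because `$` matches before a final newline; anchoring with `\z`, as in `preg_match('/^[#0-9a-zA-Z]+\z/', $this->{$field})`, makes the check exact. The setter branch stores `$new` before it is validated, so a rejected value stays on the object and is only masked by this getter; validating before the assignment would protect any other reader of the property. `array_key_exists()` on an object is deprecated in later PHP releases, and `property_exists($this, $field)` is the supported form of that test.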


@ -117,7 +117,8 @@ class Server {
if ( isset($this->{'PathToIndex'}) and $this->{'PathToIndex'} ) {
return $this->{'PathToIndex'};
}
return $_SERVER['PHP_SELF'];
// We can't trust PHP_SELF to not include an XSS vector. See note in skin.js.php.
return preg_replace('/\.php.*$/i', '.php', $_SERVER['PHP_SELF']);
}
public function UrlToIndex( $port=null ) {
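Review bot: The new `preg_replace('/\.php.*$/i', '.php', $_SERVER['PHP_SELF'])` in `PathToIndex()` can fail to strip the trailing path when that path contains a line break, because `.` does not match a newline and `$` is not multi-line here; the pattern then does not match and PHP_SELF is returned unchanged. Adding the `s` modifier (`'/\.php.*$/is'`) closes that gap, and `$_SERVER['SCRIPT_NAME']` avoids the path-info part altogether. The same expression is used for `thisUrl` in the skin.js.php hunk. A value with no `.php` in it is also passed through untouched, so callers should still encode the result for the context they print it in.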


@ -43,7 +43,7 @@ if ( $action == 'delete' ) {
$Group->delete();
}
}
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=groups';
$redirect = '?view=groups';
$refreshParent = true;
} # end if action
?>


@ -40,7 +40,7 @@ if ( isset($_REQUEST['object']) ) {
$_SESSION['zmMontageLayout'] = $Layout->Id();
setcookie('zmMontageLayout', $Layout->Id(), 1);
session_write_close();
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=montage';
$redirect = '?view=montage';
} // end if save
} # end if isset($_REQUEST['object'] )


@ -89,7 +89,7 @@ if ( $action == 'delete' ) {
case 'lowband' :
break;
}
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=options&tab='.$_REQUEST['tab'];
$redirect = '?view=options&tab='.$_REQUEST['tab'];
}
loadConfig(false);
return;
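Review bot: The new redirect still appends the request value unmodified, `$redirect = '?view=options&tab='.$_REQUEST['tab'];`. How `$redirect` is emitted is outside this hunk, but if it ends up in a `Location` header or in page script the value should be encoded first, e.g. `$redirect = '?view=options&tab='.urlencode($_REQUEST['tab']);`, or checked against the known tab names. The enclosing block starts before the hunk.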


@ -28,12 +28,12 @@ if ( ($action == 'privacy') && isset($_REQUEST['option']) ) {
case 'decline' :
dbQuery("UPDATE Config SET Value = '0' WHERE Name = 'ZM_SHOW_PRIVACY'");
dbQuery("UPDATE Config SET Value = '0' WHERE Name = 'ZM_TELEMETRY_DATA'");
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=console';
$redirect = '?view=console';
break;
case 'accept' :
dbQuery("UPDATE Config SET Value = '0' WHERE Name = 'ZM_SHOW_PRIVACY'");
dbQuery("UPDATE Config SET Value = '1' WHERE Name = 'ZM_TELEMETRY_DATA'");
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=console';
$redirect = '?view=console';
break;
default: # Enable the privacy statement if we somehow submit something other than accept or decline
dbQuery("UPDATE Config SET Value = '1' WHERE Name = 'ZM_SHOW_PRIVACY'");


@ -288,9 +288,13 @@ function csrf_callback($tokens) {
echo "<html><head><title>CSRF check failed</title></head>
<body>
<p>CSRF check failed. Your form session may have expired, or you may not have
cookies enabled.</p>
<form method='post' action=''>$data<input type='submit' value='Try again' /></form>
<p>Debug: $tokens</p></body></html>
cookies enabled.</p>";
if (ZM_LOG_DEBUG) {
// Don't make it too easy for users to inflict a CSRF attack on themselves.
echo "<p><strong>Only try again if you weren't sent to this page by someone as this is potentially a sign of an attack.</strong></p>";
echo "<form method='post' action=''>$data<input type='submit' value='Try again' /></form>";
}
echo "<p>Debug: $tokens</p></body></html>
";
}
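Review bot: The `echo "<p>Debug: $tokens</p></body></html>` line sits outside the new `if (ZM_LOG_DEBUG)` block, so the token details are still sent to the client on every failed check even when debugging is off. Printing the debug paragraph only inside that block, and passing it through `htmlspecialchars($tokens)`, would match the intent of the change while the closing `</body></html>` stays unconditional. `$data` is built before the hunk starts, so whether it is already escaped cannot be seen from here.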


@ -53,7 +53,11 @@ function CSPHeaders($view, $nonce) {
case 'controlcap':
case 'cycle':
case 'donate':
case 'download':
case 'error':
case 'events':
case 'export':
case 'frame':
case 'function':
case 'log':
case 'logout':
@ -290,7 +294,7 @@ function getImageStreamHTML( $id, $src, $width, $height, $title='' ) {
function outputControlStream( $src, $width, $height, $monitor, $scale, $target ) {
?>
<form name="ctrlForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" target="<?php echo $target ?>">
<form name="ctrlForm" method="post" action="?" target="<?php echo $target ?>">
<input type="hidden" name="view" value="blank">
<input type="hidden" name="mid" value="<?php echo $monitor['Id'] ?>">
<input type="hidden" name="action" value="control">
@ -360,7 +364,7 @@ function getWebSiteUrl( $id, $src, $width, $height, $title='' ) {
function outputControlStill( $src, $width, $height, $monitor, $scale, $target ) {
?>
<form name="ctrlForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" target="<?php echo $target ?>">
<form name="ctrlForm" method="post" action="?" target="<?php echo $target ?>">
<input type="hidden" name="view" value="blank">
<input type="hidden" name="mid" value="<?php echo $monitor['Id'] ?>">
<input type="hidden" name="action" value="control">
@ -494,7 +498,6 @@ function makePopupButton( $url, $winName, $winSize, $buttonValue, $condition=1,
}
function htmlSelect( $name, $contents, $values, $behaviours=false ) {
$behaviourText = '';
if ( !empty($behaviours) ) {
if ( is_array($behaviours) ) {
@ -532,10 +535,10 @@ function htmlOptions($contents, $values) {
$text = $option;
}
$selected = is_array($values) ? in_array($value, $values) : !strcmp($value, $values);
$options_html .= "<option value=\"$value\"".
$options_html .= "<option value=\"".htmlspecialchars($value, ENT_COMPAT | ENT_HTML401, ini_get('default_charset'), false)."\"".
($selected?' selected="selected"':'').
($disabled?' disabled="disabled"':'').
">$text</option>";
">".htmlspecialchars($text, ENT_COMPAT | ENT_HTML401, ini_get('default_charset'), false)."</option>";
}
return $options_html;
}
@ -610,7 +613,7 @@ function getFormChanges( $values, $newValues, $types=false, $columns=false ) {
{
if ( is_array($newValues[$key]) ) {
if ( (!isset($values[$key])) or ( join(',',$newValues[$key]) != $values[$key] ) ) {
$changes[$key] = "`$key` = ".dbEscape(join(',',$newValues[$key]));
$changes[$key] = "`$key` = '".dbEscape(join(',',$newValues[$key]))."'";
}
} else if ( (!isset($values[$key])) or $values[$key] ) {
$changes[$key] = "`$key` = ''";
@ -1083,7 +1086,7 @@ function parseSort( $saveToSession=false, $querySep='&amp;' ) {
$_SESSION['sort_asc'] = validHtmlStr($_REQUEST['sort_asc']);
}
if ($_REQUEST['limit'] != '') {
$limitQuery = "&limit=".$_REQUEST['limit'];
$limitQuery = "&limit=".validInt($_REQUEST['limit']);
}
}
@ -1424,7 +1427,7 @@ function getPagination( $pages, $page, $maxShortcuts, $query, $querySep='&amp;'
function sortHeader( $field, $querySep='&amp;' ) {
global $view;
return( '?view='.$view.$querySep.'page=1'.$_REQUEST['filter']['query'].$querySep.'sort_field='.$field.$querySep.'sort_asc='.($_REQUEST['sort_field'] == $field?!$_REQUEST['sort_asc']:0).$querySep.'limit='.$_REQUEST['limit'] );
return '?view='.$view.$querySep.'page=1'.$_REQUEST['filter']['query'].$querySep.'sort_field='.$field.$querySep.'sort_asc='.($_REQUEST['sort_field'] == $field?!$_REQUEST['sort_asc']:0).$querySep.'limit='.validInt($_REQUEST['limit']);
}
function sortTag( $field ) {
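Review bot: In `sortHeader()` only `limit` is validated by this change; `$_REQUEST['filter']['query']` and `$field` are still concatenated into the returned URL exactly as they arrive. Whether callers escape the result before printing it is not visible here, so the function should not hand back raw request text: encode the field with `urlencode($field)` and take the filter query from the already parsed and validated filter rather than from `$_REQUEST`. `$_REQUEST['limit']` is also read without the emptiness check that `parseSort()` applies in the hunk above.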


@ -455,7 +455,10 @@ function Error( $string ) {
function Fatal( $string ) {
Logger::fetch()->logPrint( Logger::FATAL, $string );
die( htmlentities($string) );
if (Logger::fetch()->debugOn()) {
echo(htmlentities($string));
}
exit(1);
}
function Panic( $string ) {
@ -474,7 +477,10 @@ function Panic( $string ) {
}
}
Logger::fetch()->logPrint( Logger::PANIC, $string.$backtrace );
die( $string );
if (Logger::fetch()->debugOn()) {
echo $string;
}
exit(1);
}
function ErrorHandler( $error, $string, $file, $line ) {
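Review bot: `Panic()` now echoes `$string` unencoded in debug mode, while `Fatal()` in the same change prints `htmlentities($string)`; the message should be encoded the same way, `echo htmlentities($string);`. `Panic()` begins before the second hunk, so how `$string` and the backtrace are assembled is not visible. A short comment on both functions, such as `// Message is only shown to the client when debug logging is on; it is always written to the log.`, would record why the output is conditional.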


@ -217,8 +217,9 @@ if ( ZM_OPT_USE_AUTH and !isset($user) and ($view != 'login') ) {
$view = 'none';
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=login';
$request = null;
} else if ( ZM_SHOW_PRIVACY && ($action != 'privacy') && ($view != 'options') && (!$request) && canEdit('System') ) {
} else if ( ZM_SHOW_PRIVACY && ($view != 'privacy') && ($view != 'options') && (!$request) && canEdit('System') ) {
$view = 'none';
Logger::Debug('Redirecting to privacy');
$redirect = ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=privacy';
$request = null;
}
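Review bot: Both redirects in this block are still built from `$_SERVER['PHP_SELF']` (`ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=login'` and `...'?view=privacy'`), although the rest of the commit removes that variable from redirects because it cannot be trusted. For consistency use the relative form adopted in the action files, `$redirect = '?view=login';` and `$redirect = '?view=privacy';`, or the sanitised index path if an absolute URL is required at this point.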


@ -9,8 +9,3 @@
display: flex;
justify-content: space-between;
}
#controls a {
width: 40px;
margin-left: -20px;
}


@ -9,8 +9,3 @@
display: flex;
justify-content: space-between;
}
#controls a {
width: 40px;
margin-left: -20px;
}


@ -9,8 +9,3 @@
display: flex;
justify-content: space-between;
}
#controls a {
width: 40px;
margin-left: -20px;
}


@ -57,7 +57,7 @@ function xhtmlHeaders( $file, $title ) {
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo ZM_WEB_TITLE_PREFIX ?> - <?php echo validHtmlStr($title) ?></title>
<title><?php echo validHtmlStr(ZM_WEB_TITLE_PREFIX); ?> - <?php echo validHtmlStr($title) ?></title>
<?php
if ( file_exists( "skins/$skin/css/$css/graphics/favicon.ico" ) ) {
echo "
@ -207,7 +207,7 @@ function getBodyTopHTML() {
<body>
<noscript>
<div style="background-color:red;color:white;font-size:x-large;">
'. ZM_WEB_TITLE .' requires Javascript. Please enable Javascript in your browser for this site.
'. validHtmlStr(ZM_WEB_TITLE) .' requires Javascript. Please enable Javascript in your browser for this site.
</div>
</noscript>
@ -254,7 +254,7 @@ function getNavBarHTML($reload = null) {
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<div class="navbar-brand"><a href="<?php echo ZM_HOME_URL?>" target="<?php echo ZM_WEB_TITLE ?>"><?php echo ZM_HOME_CONTENT ?></a></div>
<div class="navbar-brand"><a href="<?php echo validHtmlStr(ZM_HOME_URL); ?>" target="<?php echo validHtmlStr(ZM_WEB_TITLE); ?>"><?php echo validHtmlStr(ZM_HOME_CONTENT); ?></a></div>
</div>
<div class="collapse navbar-collapse" id="main-header-nav">
@ -383,7 +383,7 @@ if ($reload == 'reload') ob_start();
?></li>
</ul>
<?php if ( defined('ZM_WEB_CONSOLE_BANNER') and ZM_WEB_CONSOLE_BANNER != '' ) { ?>
<h3 id="development"><?php echo ZM_WEB_CONSOLE_BANNER ?></h3>
<h3 id="development"><?php echo validHtmlStr(ZM_WEB_CONSOLE_BANNER); ?></h3>
<?php } ?>
<!-- End .footer/reload --></div>
<?php
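Review bot: `href="<?php echo validHtmlStr(ZM_HOME_URL); ?>"` encodes markup characters but, assuming `validHtmlStr()` only HTML-encodes, it does not restrict the URL scheme, so a configured script-scheme URL would still be rendered as a working link. If ZM_HOME_URL can be changed by anyone other than a fully trusted administrator, accept only http, https or relative values before output. ZM_HOME_CONTENT is now printed as text, which changes behaviour for installations that put markup there; that is worth a line in the option's help text.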


@ -126,6 +126,11 @@ function createPopup( url, name, tag, width, height ) {
}
}
// Polyfill for NodeList.prototype.forEach on IE.
if (window.NodeList && !NodeList.prototype.forEach) {
NodeList.prototype.forEach = Array.prototype.forEach;
}
window.addEventListener("DOMContentLoaded", function onSkinDCL() {
document.querySelectorAll("form.validateFormOnSubmit").forEach(function(el) {
el.addEventListener("submit", function onSubmit(evt) {


@ -29,7 +29,11 @@ var AJAX_TIMEOUT = <?php echo ZM_WEB_AJAX_TIMEOUT ?>;
var navBarRefresh = <?php echo 1000*ZM_WEB_REFRESH_NAVBAR ?>;
var currentView = '<?php echo $view ?>';
var thisUrl = '<?php echo ZM_BASE_URL.$_SERVER['PHP_SELF'] ?>';
<?php
/* We can't trust PHP_SELF on a path like /index.php/"%3E%3Cimg src=x onerror=prompt('1');%3E which
will still load index.php but will include the arbitrary payload after `.php/`. To mitigate this,
try to avoid using PHP_SELF but here I try to replace everything after '.php'. */ ?>
var thisUrl = '<?php echo ZM_BASE_URL.preg_replace('/\.php.*$/i', '.php', $_SERVER['PHP_SELF']) ?>';
var skinPath = '<?php echo ZM_SKIN_PATH ?>';
var serverId = '<?php echo defined('ZM_SERVER_ID') ? ZM_SERVER_ID : '' ?>';
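Review bot: The values written into these JavaScript string literals (`currentView`, `thisUrl`, `skinPath`, `serverId`) are echoed without encoding for a script context, so a quote or backslash in any of them would end the literal. `json_encode()` emits a correctly quoted literal, e.g. `var thisUrl = <?php echo json_encode(ZM_BASE_URL.preg_replace('/\.php.*$/i', '.php', $_SERVER['PHP_SELF'])) ?>;`. The truncation after `.php` narrows what PHP_SELF can contribute but does not by itself make the remaining text safe inside quotes.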


@ -95,7 +95,7 @@ if ( ! empty($user['MonitorIds']) ) {
}
$html .= '<span class="MonitorNameFilter"><label>'.translate('Name').'</label>';
$html .= '<input type="text" name="MonitorName" value="'.(isset($_SESSION['MonitorName'])?$_SESSION['MonitorName']:'').'" placeholder="text or regular expression"/>';
$html .= '<input type="text" name="MonitorName" value="'.(isset($_SESSION['MonitorName'])?validHtmlStr($_SESSION['MonitorName']):'').'" placeholder="text or regular expression"/>';
$html .= '</span>';
$Functions = array();
@ -160,7 +160,7 @@ $html .= htmlSelect( 'Status[]', $status_options,
$html .= '</span>';
$html .= '<span class="SourceFilter"><label>'.translate('Source').'</label>';
$html .= '<input type="text" name="Source" value="'.(isset($_SESSION['Source'])?$_SESSION['Source']:'').'" placeholder="text or regular expression"/>';
$html .= '<input type="text" name="Source" value="'.(isset($_SESSION['Source'])?validHtmlStr($_SESSION['Source']):'').'" placeholder="text or regular expression"/>';
$html .= '</span>';
$sql = 'SELECT *,S.Status AS Status, S.CaptureFPS AS CaptureFPS, S.AnalysisFPS AS AnalysisFPS, S.CaptureBandwidth AS CaptureBandwidth


@ -33,7 +33,7 @@ xhtmlHeaders(__FILE__, translate('AddMonitors'));
<?php echo $navbar ?>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<div style="position:relative;">
<div id="results" style="position: absolute; top:0; right: 0; width: 50%; height: 100%;">
<fieldset><legend>Results</legend>


@ -160,7 +160,7 @@ if ( $show_storage_areas ) $left_columns += 1;
xhtmlHeaders( __FILE__, translate('Console') );
getBodyTopHTML();
?>
<form name="monitorForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="monitorForm" method="get" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="action" value=""/>
@ -280,7 +280,7 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) {
$Groups = $Group->Parents();
array_push( $Groups, $Group );
}
return implode(' &gt; ', array_map(function($Group){ return '<a href="'. ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=montagereview&amp;GroupId='.$Group->Id().'">'.$Group->Name().'</a>'; }, $Groups ));
return implode(' &gt; ', array_map(function($Group){ return '<a href="?view=montagereview&amp;GroupId='.$Group->Id().'">'.$Group->Name().'</a>'; }, $Groups ));
}, $Monitor->GroupIds() ) );
?>
</div></td>
@ -308,7 +308,7 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) {
<td class="colServer"><?php $Server = isset($ServersById[$monitor['ServerId']]) ? $ServersById[$monitor['ServerId']] : new Server( $monitor['ServerId'] ); echo $Server->Name(); ?></td>
<?php
}
echo '<td class="colSource">'. makePopupLink( '?view=monitor&amp;mid='.$monitor['Id'], 'zmMonitor'.$monitor['Id'], 'monitor', '<span class="'.$source_class.'">'.$Monitor->Source().'</span>', canEdit('Monitors') ).'</td>';
echo '<td class="colSource">'. makePopupLink( '?view=monitor&amp;mid='.$monitor['Id'], 'zmMonitor'.$monitor['Id'], 'monitor', '<span class="'.$source_class.'">'.validHtmlStr($Monitor->Source()).'</span>', canEdit('Monitors') ).'</td>';
if ( $show_storage_areas ) {
?>
<td class="colStorage"><?php if ( isset($StorageById[$monitor['StorageId']]) ) { echo $StorageById[ $monitor['StorageId'] ]->Name(); } ?></td>
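Review bot: `$Monitor->Source()` is now escaped, but the neighbouring cells in the same hunks still print `$Group->Name()`, `$Server->Name()` and `$StorageById[...]->Name()` without `validHtmlStr()`. These are stored names of the same kind the commit escapes in other views, so they should be wrapped the same way, e.g. `echo validHtmlStr($Server->Name());` and `'">'.validHtmlStr($Group->Name()).'</a>'`.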


@ -60,7 +60,7 @@ xhtmlHeaders(__FILE__, translate('Control') );
</div>
<h2><?php echo translate('Control') ?></h2>
<div id="headerControl">
<form name="contentForm" id="contentForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="get" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<?php echo buildSelect( "mid", $mids, "this.form.submit();" ); ?>
</form>


@ -183,7 +183,7 @@ foreach ( $tabs as $name=>$value )
?>
</ul>
<div class="clear"></div>
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" class="validateFormOnSubmit">
<form name="contentForm" id="contentForm" method="post" action="?" class="validateFormOnSubmit">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="tab" value="<?php echo $tab ?>"/>
<input type="hidden" name="action" value="controlcap"/>


@ -39,7 +39,7 @@ xhtmlHeaders(__FILE__, translate('ControlCaps') );
<h2><?php echo translate('ControlCaps') ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>" onsubmit="return( confirmDelete( 'Warning, deleting a control will reset all monitors that use it to be uncontrollable.\nAre you sure you wish to delete?' ) );">
<form name="contentForm" id="contentForm" method="get" action="?" onsubmit="return( confirmDelete( 'Warning, deleting a control will reset all monitors that use it to be uncontrollable.\nAre you sure you wish to delete?' ) );">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="action" value="delete"/>
<table id="contentTable" class="major" cellspacing="0">


@ -48,7 +48,7 @@ xhtmlHeaders(__FILE__, translate('SetPreset') );
<h2><?php echo translate('SetPreset') ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="view" value="none"/>
<input type="hidden" name="mid" value="<?php echo $monitor['Id'] ?>"/>
<input type="hidden" name="action" value="control"/>


@ -41,7 +41,7 @@ xhtmlHeaders( __FILE__, translate('Device')." - ".$newDevice['Name'] );
<h2><?php echo translate('Device')." - ".validHtmlStr($newDevice['Name']) ?></h2>
</div>
<div id="content">
<form name="contentForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" method="get" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="action" value="device"/>
<input type="hidden" name="did" value="<?php echo $newDevice['Id'] ?>"/>


@ -40,7 +40,7 @@ xhtmlHeaders(__FILE__, translate('Devices') );
<h2><?php echo translate('Devices') ?></h2>
</div>
<div id="content">
<form name="contentForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" method="get" action="?">
<input type="hidden" name="view" value="none"/>
<input type="hidden" name="action" value="device"/>
<input type="hidden" name="key" value=""/>


@ -45,7 +45,7 @@ xhtmlHeaders(__FILE__, translate('Donate') );
<h1>ZoneMinder - <?php echo translate('Donate') ?></h1>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="view" value="none"/>
<input type="hidden" name="action" value="donate"/>
<p>


@ -45,6 +45,23 @@ if (isset($_SESSION['montageReviewFilter']) and !isset($_REQUEST['eids']) ) {
#Logger::Debug("NO montageReviewFilter");
}
$exportFormat = '';
if (isset($_REQUEST['exportFormat'])) {
if (!in_array($_REQUEST['exportFormat'], array('zip', 'tar'))) {
Error('Invalid exportFormat');
return;
}
$exportFormat = $_REQUEST['exportFormat'];
}
if (!empty($_REQUEST['eid'])) {
$Event = new Event( $_REQUEST['eid'] );
if (!$Event->Id) {
Error('Invalid event id');
return;
}
}
$focusWindow = true;
$connkey = isset($_REQUEST['connkey']) ? $_REQUEST['connkey'] : generateConnKey();
@ -67,7 +84,7 @@ if ( !empty($_REQUEST['eid']) ) {
<input type="hidden" name="id" value="<?php echo validInt($_REQUEST['eid']) ?>"/>
<?php
$Event = new Event($_REQUEST['eid']);
echo 'Downloading event ' . $_REQUEST['eid'] . ' Resulting file should be approximately ' . human_filesize( $Event->DiskSpace() );
echo 'Downloading event ' . $Event->Id . '. Resulting file should be approximately ' . human_filesize( $Event->DiskSpace() );
} else if ( !empty($_REQUEST['eids']) ) {
$total_size = 0;
foreach ( $_REQUEST['eids'] as $eid ) {
@ -95,9 +112,9 @@ if ( !empty($_REQUEST['eid']) ) {
<tr>
<th scope="row"><?php echo translate('ExportFormat') ?></th>
<td>
<input type="radio" id="exportFormatTar" name="exportFormat" value="tar" data-on-click-this="configureExportButton"/>
<input type="radio" id="exportFormatTar" name="exportFormat" value="tar"/>
<label for="exportFormatTar"><?php echo translate('ExportFormatTar') ?></label>
<input type="radio" id="exportFormatZip" name="exportFormat" value="zip" checked="checked" data-on-click-this="configureExportButton"/>
<input type="radio" id="exportFormatZip" name="exportFormat" value="zip" checked="checked"/>
<label for="exportFormatZip"><?php echo translate('ExportFormatZip') ?></label>
</td>
</tr>
@ -126,7 +143,7 @@ if ( !empty($_REQUEST['eid']) ) {
}
if ( !empty($_REQUEST['generated']) ) {
?>
<h3 id="downloadLink"><a href="<?php echo validHtmlStr($_REQUEST['exportFile']) ?>"><?php echo translate('Download') ?></a></h3>
<h3 id="downloadLink"><a href="?view=archive&amp;type=<?php echo $exportFormat; ?>"><?php echo translate('Download') ?></a></h3>
<?php
}
?>
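Review bot: `$_REQUEST['eid']` is passed to `new Event(...)` unvalidated in the new check and again in the second hunk, where the object is rebuilt from the raw request value instead of reusing the one that was just verified. Validate once, `$Event = new Event(validInt($_REQUEST['eid']));`, and reuse that `$Event` for the message and size. The format check would be stricter as `in_array($_REQUEST['exportFormat'], array('zip', 'tar'), true)`, which also applies to the identical check added in the export view. `connkey` on the context line below the new block is still taken from the request as is.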


@ -74,7 +74,7 @@ if ( $mode == 'single' ) {
?>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="action" value="eventdetail"/>
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<?php


@ -100,7 +100,7 @@ xhtmlHeaders(__FILE__, translate('Events') );
<div id="header">
<div id="info">
<h2><?php echo sprintf($CLANG['EventCount'], $nEvents, zmVlang($VLANG['Event'], $nEvents)) ?></h2>
<a id="refreshLink" href="#" onclick="location.reload(true);"><?php echo translate('Refresh') ?></a>
<a id="refreshLink" href="#"><?php echo translate('Refresh') ?></a>
</div>
<div id="pagination">
<?php
@ -125,7 +125,7 @@ if ( $pages > 1 ) {
?>
</div>
<div id="controls">
<a href="#" onclick="window.history.back();return false;"><?php echo translate('Back') ?></a>
<a href="#" id="backLink"><?php echo translate('Back') ?></a>
<a id="timelineLink" href="?view=timeline<?php echo $filterQuery ?>"><?php echo translate('ShowTimeline') ?></a>
</div>
</div>


@ -47,6 +47,13 @@ if ( isset($_SESSION['export']) ) {
$_REQUEST['exportCompress'] = 0;
}
if (isset($_REQUEST['exportFormat'])) {
if (!in_array($_REQUEST['exportFormat'], array('zip', 'tar'))) {
Error('Invalid exportFormat');
return;
}
}
$focusWindow = true;
$connkey = isset($_REQUEST['connkey']) ? $_REQUEST['connkey'] : generateConnKey();
@ -205,7 +212,7 @@ while ( $event_row = dbFetchNext($results) ) {
</tr>
</tbody>
</table>
<button type="button" id="exportButton" name="exportButton" value="Export" onclick="exportEvent(this.form);" disabled="disabled"><?php echo translate('Export') ?></button>
<button type="button" id="exportButton" name="exportButton" value="Export" disabled="disabled"><?php echo translate('Export') ?></button>
</form>
</div>
<?php


@ -159,7 +159,7 @@ xhtmlHeaders(__FILE__, translate('EventFilter') );
<div id="page">
<?php echo $navbar = getNavBarHTML(); ?>
<div id="content">
<form name="selectForm" id="selectForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="selectForm" id="selectForm" method="get" action="?">
<input type="hidden" name="view" value="filter"/>
<hr/>
<div id="filterSelector"><label for="<?php echo 'Id' ?>"><?php echo translate('UseFilter') ?></label>
@ -188,7 +188,7 @@ if ( (null !== $filter->Concurrent()) and $filter->Concurrent() )
<?php } ?>
<p class="Name">
<label for="filter[Name]"><?php echo translate('Name') ?></label>
<input type="text" id="filter[Name]" name="filter[Name]" value="<?php echo $filter->Name() ?>" oninput="updateButtons(this);"/>
<input type="text" id="filter[Name]" name="filter[Name]" value="<?php echo validHtmlStr($filter->Name()) ?>" oninput="updateButtons(this);"/>
</p>
<table id="fieldsTable" class="filterTable">
<tbody>
@ -281,13 +281,13 @@ for ( $i=0; $i < count($terms); $i++ ) {
} else {
?>
<td><?php echo htmlSelect("filter[Query][terms][$i][op]", $opTypes, $term['op']); ?></td>
<td><input type="text" name="filter[Query][terms][<?php echo $i ?>][val]" value="<?php echo $term['val'] ?>"/></td>
<td><input type="text" name="filter[Query][terms][<?php echo $i ?>][val]" value="<?php echo validHtmlStr($term['val']) ?>"/></td>
<?php
}
} else {
?>
<td><?php echo htmlSelect("filter[Query][terms][$i][op]", $opTypes, $term['op']); ?></td>
<td><input type="text" name="filter[Query][terms][<?php echo $i ?>][val]" value="<?php echo isset($term['val'])?$term['val']:'' ?>"/></td>
<td><input type="text" name="filter[Query][terms][<?php echo $i ?>][val]" value="<?php echo isset($term['val'])?validHtmlStr($term['val']):'' ?>"/></td>
<?php
}
?>
@ -385,7 +385,7 @@ if ( ZM_OPT_MESSAGE ) {
<p>
<label><?php echo translate('FilterExecuteEvents') ?></label>
<input type="checkbox" name="filter[AutoExecute]" value="1"<?php if ( $filter->AutoExecute() ) { ?> checked="checked"<?php } ?>/>
<input type="text" name="filter[AutoExecuteCmd]" value="<?php echo (null !==$filter->AutoExecuteCmd())?$filter->AutoExecuteCmd():'' ?>" maxlength="255" data-on-change-this="updateButtons"/>
<input type="text" name="filter[AutoExecuteCmd]" value="<?php echo (null !==$filter->AutoExecuteCmd())?validHtmlStr($filter->AutoExecuteCmd()):'' ?>" maxlength="255" data-on-change-this="updateButtons"/>
</p>
<p>
<label><?php echo translate('FilterDeleteEvents') ?></label>


@ -51,14 +51,15 @@ $lastFid = $maxFid;
$alarmFrame = $Frame->Type()=='Alarm';
if ( isset( $_REQUEST['scale'] ) ) {
$scale = $_REQUEST['scale'];
$scale = validNum($_REQUEST['scale']);
} else if ( isset( $_COOKIE['zmWatchScale'.$Monitor->Id()] ) ) {
$scale = $_COOKIE['zmWatchScale'.$Monitor->Id()];
$scale = validNum($_COOKIE['zmWatchScale'.$Monitor->Id()]);
} else if ( isset( $_COOKIE['zmWatchScale'] ) ) {
$scale = $_COOKIE['zmWatchScale'];
$scale = validNum($_COOKIE['zmWatchScale']);
} else {
$scale = max( reScale( SCALE_BASE, $Monitor->DefaultScale(), ZM_WEB_DEFAULT_SCALE ), SCALE_BASE );
}
$scale = $scale ?: "auto";
$imageData = $Event->getImageSrc( $frame, $scale, 0 );
if ( ! $imageData ) {
@ -67,7 +68,7 @@ if ( ! $imageData ) {
}
$show = 'capt';
if ( isset($_REQUEST['show']) ) {
if (isset($_REQUEST['show']) && in_array($_REQUEST['show'], array('capt', 'anal'))) {
$show = $_REQUEST['show'];
} else if ( $imageData['hasAnalImage'] ) {
$show = 'anal';
@ -89,9 +90,9 @@ xhtmlHeaders(__FILE__, translate('Frame').' - '.$Event->Id()." - ".$Frame->Frame
<div id="headerButtons">
<?php if ( ZM_RECORD_EVENT_STATS && $alarmFrame ) { echo makePopupLink( '?view=stats&amp;eid='.$Event->Id().'&amp;fid='.$Frame->FrameId(), 'zmStats', 'stats', translate('Stats') ); } ?>
<?php if ( canEdit( 'Events' ) ) { ?><a href="?view=none&amp;action=delete&amp;markEid=<?php echo $Event->Id() ?>"><?php echo translate('Delete') ?></a><?php } ?>
<a href="#" onclick="closeWindow(); return( false );"><?php echo translate('Close') ?></a>
<a href="#" data-on-click="closeWindow"><?php echo translate('Close') ?></a>
</div>
<div id="scaleControl"><label for="scale"><?php echo translate('Scale') ?></label><?php echo buildSelect('scale', $scales, 'changeScale();'); ?></div>
<div id="scaleControl"><label for="scale"><?php echo translate('Scale') ?></label><?php echo buildSelect('scale', $scales); ?></div>
<h2><?php echo translate('Frame') ?> <?php echo $Event->Id().'-'.$Frame->FrameId().' ('.$Frame->Score().')' ?></h2>
<input type="hidden" name="base_width" id="base_width" value="<?php echo $Event->Width(); ?>"/>
<input type="hidden" name="base_height" id="base_height" value="<?php echo $Event->Height(); ?>"/>
@ -103,19 +104,19 @@ xhtmlHeaders(__FILE__, translate('Frame').' - '.$Event->Id()." - ".$Frame->Frame
<?php if ( $imageData['hasAnalImage'] ) {
echo sprintf('<a href="?view=frame&amp;eid=%d&amp;fid=%d&scale=%d&amp;show=%s">', $Event->Id(), $Frame->FrameId(), $scale, ( $show=='anal'?'capt':'anal' ) );
} ?>
<img id="frameImg" src="<?php echo $Frame->getImageSrc($show=='anal'?'analyse':'capture') ?>" width="<?php echo reScale( $Event->Width(), $Event->DefaultScale(), $scale ) ?>" height="<?php echo reScale( $Event->Height(), $Event->DefaultScale(), $scale ) ?>" alt="<?php echo $Frame->EventId()."-".$Frame->FrameId() ?>" class="<?php echo $imageData['imageClass'] ?>"/>
<img id="frameImg" src="<?php echo validHtmlStr($Frame->getImageSrc($show=='anal'?'analyse':'capture')) ?>" width="<?php echo reScale( $Event->Width(), $Event->DefaultScale(), $scale ) ?>" height="<?php echo reScale( $Event->Height(), $Event->DefaultScale(), $scale ) ?>" alt="<?php echo $Frame->EventId()."-".$Frame->FrameId() ?>" class="<?php echo $imageData['imageClass'] ?>"/>
<?php if ( $imageData['hasAnalImage'] ) { ?></a><?php } ?>
</p>
<p id="controls">
<?php if ( $Frame->FrameId() > 1 ) { ?>
<button type="button" id="firstLink" onclick="window.location='?view=frame&amp;eid=<?php echo $Event->Id() ?>&amp;fid=<?php echo $firstFid ?>&amp;scale=<?php echo $scale ?>&amp;show=<?php echo $show ?>';"><?php echo translate('First') ?></button>
<button type="button" id="prevLink" onclick="window.location='?view=frame&amp;eid=<?php echo $Event->Id() ?>&amp;fid=<?php echo $prevFid ?>&amp;scale=<?php echo $scale ?>&amp;show=<?php echo $show ?>';"><?php echo translate('Prev') ?></button>
<a class="btn-primary" id="firstLink" href="?view=frame&amp;eid=<?php echo $Event->Id() ?>&amp;fid=<?php echo $firstFid ?>&amp;scale=<?php echo $scale ?>&amp;show=<?php echo $show ?>"><?php echo translate('First') ?></a>
<a class="btn-primary" id="prevLink" href="?view=frame&amp;eid=<?php echo $Event->Id() ?>&amp;fid=<?php echo $prevFid ?>&amp;scale=<?php echo $scale ?>&amp;show=<?php echo $show ?>"><?php echo translate('Prev') ?></a>
<?php
}
if ( $Frame->FrameId() < $maxFid ) { ?>
<button type="button" id="nextLink" onclick="window.location='?view=frame&amp;eid=<?php echo $Event->Id() ?>&amp;fid=<?php echo $nextFid ?>&amp;scale=<?php echo $scale ?>&amp;show=<?php echo $show ?>';"><?php echo translate('Next') ?></button>
<button type="button" id="lastLink" onclick="window.location='?view=frame&amp;eid=<?php echo $Event->Id() ?>&amp;fid=<?php echo $lastFid ?>&amp;scale=<?php echo $scale ?>&amp;show=<?php echo $show ?>';"><?php echo translate('Last') ?></button>
<a class="btn-primary" id="nextLink" href="?view=frame&amp;eid=<?php echo $Event->Id() ?>&amp;fid=<?php echo $nextFid ?>&amp;scale=<?php echo $scale ?>&amp;show=<?php echo $show ?>"><?php echo translate('Next') ?></a>
<a class="btn-primary" id="lastLink" href="?view=frame&amp;eid=<?php echo $Event->Id() ?>&amp;fid=<?php echo $lastFid ?>&amp;scale=<?php echo $scale ?>&amp;show=<?php echo $show ?>"><?php echo translate('Last') ?></a>
<?php } ?>
</p>
<?php if (file_exists ($dImagePath)) { ?>
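Review bot: `$scale = $scale ?: "auto";` turns a missing or rejected scale into the string "auto", but the value is then used as a number: the `sprintf` link formats it with `scale=%d`, which prints 0, and it is passed to `reScale()` for the image width and height. How `reScale()` treats a non-numeric scale is not visible here, so either fall back to a numeric default, for instance the value computed in the final `else` branch, or branch on "auto" explicitly before the dimensions are calculated. The navigation links print `$scale` and `$show` directly; both are constrained by the new checks, and a comment saying so next to the `validNum`/`in_array` lines would keep later edits from loosening them.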


@ -39,7 +39,7 @@ xhtmlHeaders(__FILE__, translate('Frames').' - '.$Event->Id() );
<h2><?php echo translate('Frames') ?> - <?php echo $Event->Id() ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="get" action="?">
<input type="hidden" name="view" value="none"/>
<table id="contentTable" class="major" cellspacing="0">
<thead>


@ -35,7 +35,7 @@ xhtmlHeaders(__FILE__, translate('Function').' - '.validHtmlStr($monitor['Name']
<h2><?php echo translate('Function').' - '.validHtmlStr($monitor['Name']) ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="view" value="function"/>
<input type="hidden" name="action" value="function"/>
<input type="hidden" name="mid" value="<?php echo $monitor['Id'] ?>"/>


@ -34,10 +34,10 @@ xhtmlHeaders(__FILE__, translate('Group').' - '.$newGroup->Name());
<body>
<div id="page">
<div id="header">
<h2><?php echo translate('Group') ?> - <?php echo $newGroup->Name() ?></h2>
<h2><?php echo translate('Group') ?> - <?php echo validHtmlStr($newGroup->Name()); ?></h2>
</div>
<div id="content">
<form name="groupForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="groupForm" method="post" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="gid" value="<?php echo $newGroup->Id() ?>"/>
<table id="contentTable" class="major">
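Review bot: The group name is escaped in the `<h2>` now, but the same value still reaches `xhtmlHeaders(__FILE__, translate('Group').' - '.$newGroup->Name())` raw, as the hunk header shows. Whether xhtmlHeaders escapes its title argument is not visible here; if it does not, the page title carries the unescaped name and the call should pass `validHtmlStr($newGroup->Name())`. The xhtmlHeaders calls shown in the hunk headers of the Server, Storage and User pages pass `$Server->Name()`, `$newStorage['Name']` and `$newUser['Username']` the same way.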


@ -47,7 +47,7 @@ xhtmlHeaders(__FILE__, translate('Groups'));
<div id="page">
<?php echo $navbar = getNavBarHTML(); ?>
<div id="content">
<form name="groupsForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="groupsForm" method="get" action="?">
<input type="hidden" name="view" value="none"/>
<input type="hidden" name="action" value="setgroup"/>
<table id="contentTable" class="major">


@ -29,7 +29,7 @@ function exportProgress() {
}
function exportResponse( respObj, respText ) {
window.location.replace( thisUrl+'?view='+currentView+'&'+eidParm+'&exportFile='+respObj.exportFile+'&generated='+((respObj.result=='Ok')?1:0) );
window.location.replace( thisUrl+'?view='+currentView+'&'+eidParm+'&exportFormat='+respObj.exportFormat+'&generated='+((respObj.result=='Ok')?1:0) );
}
function exportEvent( form ) {
@ -48,6 +48,9 @@ function initPage() {
if ( exportReady ) {
startDownload.pass( exportFile ).delay( 1500 );
}
document.getElementById('exportButton').addEventListener("click", function onClick(evt) {
exportEvent(this.form);
});
}
window.addEventListener( 'DOMContentLoaded', initPage );
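Review bot: In exportResponse, `respObj.exportFormat` is concatenated into the redirect URL without encoding, so a value containing `&`, `#` or a space changes the query string that the next page parses. Encode it at the point of use: `'&exportFormat='+encodeURIComponent(respObj.exportFormat)`. The response presumably comes from the server's own export handler, but encoding here keeps the URL well-formed whatever that handler returns.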


@ -14,6 +14,6 @@ var eidParm = 'eid=<?php echo validInt($_REQUEST['eid']) ?>';
?>
var exportReady = <?php echo !empty($_REQUEST['generated'])?'true':'false' ?>;
var exportFile = '<?php echo !empty($_REQUEST['exportFile'])?validJsStr($_REQUEST['exportFile']):'' ?>';
var exportFile = '?view=archive&type=<?php echo $exportFormat; ?>';
var exportProgressString = '<?php echo addslashes(translate('Exporting')) ?>';
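Review bot: The new `exportFile` line echoes `$exportFormat` into a single-quoted JavaScript string without the `validJsStr()` call that the replaced line applied to its value. Where `$exportFormat` is assigned is outside this hunk; if it derives from the `exportFormat` request parameter that the redirect now sends, it needs JS-context escaping or, better, a check against the list of known formats before it is used. Suggested line: `var exportFile = '?view=archive&type=<?php echo validJsStr($exportFormat); ?>';`.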


@ -167,12 +167,20 @@ function initPage() {
if ( window.history.length == 1 ) {
$j('#controls').children().eq(0).html('');
}
$j('.colThumbnail img').each(function(){
this.addEventListener('mouseover',thumbnail_onmouseover,false);
this.addEventListener('mouseout',thumbnail_onmouseout,false);
$j('.colThumbnail img').each(function() {
this.addEventListener('mouseover', thumbnail_onmouseover, false);
this.addEventListener('mouseout', thumbnail_onmouseout, false);
});
$j('input[name=eids\\[\\]]').each(function(){
this.addEventListener('click',configureButton,false);
$j('input[name=eids\\[\\]]').each(function() {
this.addEventListener('click', configureButton, false);
});
document.getElementById("refreshLink").addEventListener("click", function onRefreshClick(evt) {
evt.preventDefault();
window.location.reload(true);
});
document.getElementById("backLink").addEventListener("click", function onBackClick(evt) {
evt.preventDefault();
window.history.back();
});
}
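Review bot: The two new handlers call `addEventListener` directly on the result of `document.getElementById(...)`, which is `null` when the element is not rendered, so initPage would throw a TypeError on any page variant that lacks `refreshLink` or `backLink`. Whether both links are always present is not visible from this hunk. A guard such as `var refreshLink = document.getElementById('refreshLink'); if ( refreshLink ) { refreshLink.addEventListener('click', onRefreshClick); }` avoids that, and the same applies to the `exportButton` listeners added in the export scripts.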


@ -59,6 +59,9 @@ function initPage() {
if ( exportReady ) {
startDownload.pass( exportFile ).delay( 1500 );
}
document.getElementById('exportButton').addEventListener('click', function onClick() {
exportEvent(this.form);
});
}
window.addEventListener( 'DOMContentLoaded', initPage );


@ -30,4 +30,10 @@ function changeScale() {
});
}
if (scale == 'auto') $j(document).ready(changeScale);
if (scale == 'auto') {
$j(document).ready(changeScale);
}
document.addEventListener('DOMContentLoaded', function onDCL() {
document.getElementById('scale').addEventListener('change', changeScale);
});


@ -1,3 +1,3 @@
var scale = '<?php echo $scale ?>';
var scale = '<?php echo validJsStr($scale); ?>';
var SCALE_BASE = <?php echo SCALE_BASE ?>;


@ -64,7 +64,16 @@ function logResponse( respObj ) {
if ( ( !minLogTime ) || ( log.TimeKey < minLogTime ) ) {
minLogTime = log.TimeKey;
}
var row = logTable.push( [{content: log.DateTime, properties: {style: 'white-space: nowrap'}}, log.Component, log.Server, log.Pid, log.Code, log.Message, log.File, log.Line] );
// Manually create table cells by setting the text since `push` will set HTML which
// can lead to XSS.
let messageCell = new Element('td');
messageCell.set('text', log.Message);
let fileCell = new Element('td');
fileCell.set('text', log.File);
var row = logTable.push( [{content: log.DateTime, properties: {style: 'white-space: nowrap'}}, log.Component, log.Server, log.Pid, log.Code, messageCell, fileCell, log.Line] );
delete log.Message;
row.tr.store( 'log', log );
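Review bot: Only `log.Message` and `log.File` are turned into text cells; `log.DateTime`, `log.Component`, `log.Server`, `log.Pid`, `log.Code` and `log.Line` still go through `logTable.push`, which the new comment itself says sets HTML. Component and Server are free-form strings in a log record as well, so they should get the same treatment rather than relying on those fields being safe. A small helper that builds every cell from text keeps the row construction uniform; this assumes `push` accepts an element for each cell, as it does for the two new ones. logResponse starts and ends outside this hunk.

```javascript
// Build each cell from text so that no log field is parsed as HTML.
function textCell(value, properties) {
  var cell = new Element('td', properties || {});
  cell.set('text', value);
  return cell;
}

var row = logTable.push([
  textCell(log.DateTime, {style: 'white-space: nowrap'}),
  textCell(log.Component),
  textCell(log.Server),
  textCell(log.Pid),
  textCell(log.Code),
  textCell(log.Message),
  textCell(log.File),
  textCell(log.Line)
]);
// … unchanged: delete log.Message; row.tr.store( 'log', log ); …
```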


@ -133,9 +133,9 @@ function validateForm( form ) {
if ( errors.length ) {
alert( errors.join( "\n" ) );
return( false );
return false;
}
return( true );
return true;
}
function updateLinkedMonitors( element ) {


@ -936,7 +936,7 @@ function initPage() {
console.log("No canvas found for monitor " + monitor_id);
continue;
}
monitor_canvas.addEventListener('click',clickMonitor,false);
monitor_canvas.addEventListener('click', clickMonitor, false);
}
setSpeed(speedIndex);
//setFit(fitMode); // will redraw


@ -90,7 +90,7 @@ xhtmlHeaders(__FILE__, translate('SystemLog') );
</table>
<button type="reset" data-on-click="resetLog"><?php echo translate('Reset') ?></button>
</div>
<form name="logForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="logForm" method="post" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<table id="logTable" class="major">
<thead class="thead-highlight">


@ -4,7 +4,7 @@ xhtmlHeaders(__FILE__, translate('Login') );
<body>
<?php echo getNavBarHTML(); ?>
<div class="container">
<form class="center-block" name="loginForm" id="loginForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form class="center-block" name="loginForm" id="loginForm" method="post" action="?">
<input type="hidden" name="action" value="login"/>
<input type="hidden" name="view" value="login"/>
<input type="hidden" name="postLoginQuery" value="<?php echo htmlspecialchars($_SERVER['QUERY_STRING']) ?>">
@ -16,7 +16,7 @@ xhtmlHeaders(__FILE__, translate('Login') );
<div id="loginform">
<h1><i class="material-icons md-36">account_circle</i> <?php echo ZM_WEB_TITLE . ' ' . translate('Login') ?></h1>
<h1><i class="material-icons md-36">account_circle</i> <?php echo validHtmlStr(ZM_WEB_TITLE) . ' ' . translate('Login') ?></h1>
<label for="inputUsername" class="sr-only"><?php echo translate('Username') ?></label>
<input type="text" id="inputUsername" name="username" class="form-control" placeholder="Username" required autofocus autocomplete="username"/>


@ -25,10 +25,10 @@ xhtmlHeaders(__FILE__, translate('Logout') );
<body>
<div id="page">
<div id="header">
<h1><?php echo ZM_WEB_TITLE . ' ' . translate('Logout') ?></h1>
<h1><?php echo validHtmlStr(ZM_WEB_TITLE) . ' ' . translate('Logout') ?></h1>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="action" value="logout"/>
<input type="hidden" name="view" value="logout"/>
<p><?php echo sprintf( $CLANG['CurrentLogin'], $user['Username'] ) ?></p>
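Review bot: The last line of this hunk still prints `$user['Username']` into the page unescaped, while the same commit wraps the username in `validHtmlStr()` on the user edit page. A username is account data that an administrator or an import can set to arbitrary text, so it should be escaped here too: `<p><?php echo sprintf( $CLANG['CurrentLogin'], validHtmlStr($user['Username']) ) ?></p>`.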


@ -108,8 +108,8 @@ if ( ! $monitor ) {
'EventPrefix' => 'Event-',
'AnalysisFPSLimit' => '',
'AnalysisUpdateDelay' => 0,
'MaxFPS' => '30',
'AlarmMaxFPS' => '30',
'MaxFPS' => null,
'AlarmMaxFPS' => null,
'FPSReportInterval' => 100,
'RefBlendPerc' => 6,
'AlarmRefBlendPerc' => 6,
@ -462,7 +462,7 @@ if ( canEdit( 'Monitors' ) ) {
if ( isset ($_REQUEST['dupId'])) {
?>
<div class="alert alert-info">
Configuration cloned from Monitor: <?php echo $clonedName ?>
Configuration cloned from Monitor: <?php echo validHtmlStr($clonedName) ?>
</div>
<?php
}
@ -517,13 +517,13 @@ foreach ( $tabs as $name=>$value ) {
?>
</ul>
<div class="clear"></div>
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" onsubmit="if(validateForm(this)){$j('#contentButtons').hide();return true;}else{return false;};">
<form name="contentForm" id="contentForm" method="post" action="?" onsubmit="if(validateForm(this)){$j('#contentButtons').hide();return true;}else{return false;};">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="tab" value="<?php echo $tab ?>"/>
<input type="hidden" name="action" value="monitor"/>
<input type="hidden" name="mid" value="<?php echo $monitor->Id()?>"/>
<input type="hidden" name="newMonitor[LinkedMonitors]" value="<?php echo (null !== $monitor->LinkedMonitors())?$monitor->LinkedMonitors():'' ?>"/>
<input type="hidden" name="origMethod" value="<?php echo ( null !== $monitor->Method())?$monitor->Method():'' ?>"/>
<input type="hidden" name="newMonitor[LinkedMonitors]" value="<?php echo (null !== $monitor->LinkedMonitors())?validHtmlStr($monitor->LinkedMonitors()):'' ?>"/>
<input type="hidden" name="origMethod" value="<?php echo ( null !== $monitor->Method())?validHtmlStr($monitor->Method()):'' ?>"/>
<?php
if ( $tab != 'general' ) {
?>
@ -724,7 +724,7 @@ switch ( $tab ) {
foreach ( $monitors as $linked_monitor ) {
if ( (!$monitor->Id() || ($monitor->Id()!= $linked_monitor['Id'])) && visibleMonitor( $linked_monitor['Id'] ) ) {
?>
<option value="<?php echo $linked_monitor['Id'] ?>"<?php if ( array_key_exists( $linked_monitor['Id'], $monitorIds ) ) { ?> selected="selected"<?php } ?>><?php echo validHtmlStr($linked_monitor['Name']) ?></option>
<option value="<?php echo validHtmlStr($linked_monitor['Id']); ?>"<?php if ( array_key_exists( $linked_monitor['Id'], $monitorIds ) ) { ?> selected="selected"<?php } ?>><?php echo validHtmlStr($linked_monitor['Name']) ?></option>
<?php
}
}
@ -835,7 +835,7 @@ echo htmlOptions(Group::get_dropdown_options( ), $monitor->GroupIds() );
<input type="radio" name="newMonitor[V4LMultiBuffer]" id="newMonitor[V4LMultiBuffer]" value="" <?php echo ( $monitor->V4LMultiBuffer() ? 'checked="checked"' : '' ) ?>/>
<label for="newMonitor[V4LMultiBuffer]">Use Config Value</label>
</td></tr>
<tr><td><?php echo translate('V4LCapturesPerFrame') ?></td><td><input type="number" name="newMonitor[V4LCapturesPerFrame]" value="<?php echo $monitor->V4LCapturesPerFrame()?>"/></td></tr>
<tr><td><?php echo translate('V4LCapturesPerFrame') ?></td><td><input type="number" name="newMonitor[V4LCapturesPerFrame]" value="<?php echo validHtmlStr($monitor->V4LCapturesPerFrame()); ?>"/></td></tr>
<?php
} else if ( $monitor->Type() == 'NVSocket' ) {
@ -873,7 +873,7 @@ include('_monitor_source_nvsocket.php');
<tr><td><?php echo translate('WebSiteUrl') ?></td><td><input type="text" name="newMonitor[Path]" value="<?php echo validHtmlStr($monitor->Path()) ?>" size="36"/></td></tr>
<tr><td><?php echo translate('Width') ?> (<?php echo translate('Pixels') ?>)</td><td><input type="text" name="newMonitor[Width]" value="<?php echo validHtmlStr($monitor->Width()) ?>" size="4";"/></td></tr>
<tr><td><?php echo translate('Height') ?> (<?php echo translate('Pixels') ?>)</td><td><input type="text" name="newMonitor[Height]" value="<?php echo validHtmlStr($monitor->Height()) ?>" size="4";"/></td></tr>
<tr><td><?php echo 'Web Site Refresh (Optional)' ?></td><td><input type="number" name="newMonitor[Refresh]" value="<?php echo $monitor->Refresh()?>"/></td></tr>
<tr><td><?php echo 'Web Site Refresh (Optional)' ?></td><td><input type="number" name="newMonitor[Refresh]" value="<?php echo validHtmlStr($monitor->Refresh()); ?>"/></td></tr>
<?php
} elseif ( $monitor->Type() == 'Ffmpeg' || $monitor->Type() == 'Libvlc' ) {
?>
@ -897,11 +897,11 @@ if ( $monitor->Type() != 'NVSocket' && $monitor->Type() != 'WebSite' ) {
}
if ( $monitor->Type() == 'Local' ) {
?>
<tr><td><?php echo translate('Deinterlacing') ?></td><td><select name="newMonitor[Deinterlacing]"><?php foreach ( $deinterlaceopts_v4l2 as $name => $value ) { ?><option value="<?php echo $value ?>"<?php if ( $value == $monitor->Deinterlacing()) { ?> selected="selected"<?php } ?>><?php echo $name ?></option><?php } ?></select></td></tr>
<tr><td><?php echo translate('Deinterlacing') ?></td><td><select name="newMonitor[Deinterlacing]"><?php foreach ( $deinterlaceopts_v4l2 as $name => $value ) { ?><option value="<?php echo validHtmlStr($value); ?>"<?php if ( $value == $monitor->Deinterlacing()) { ?> selected="selected"<?php } ?>><?php echo validHtmlStr($name); ?></option><?php } ?></select></td></tr>
<?php
} else if ( $monitor->Type() != 'WebSite' ) {
?>
<tr><td><?php echo translate('Deinterlacing') ?></td><td><select name="newMonitor[Deinterlacing]"><?php foreach ( $deinterlaceopts as $name => $value ) { ?><option value="<?php echo $value ?>"<?php if ( $value == $monitor->Deinterlacing()) { ?> selected="selected"<?php } ?>><?php echo $name ?></option><?php } ?></select></td></tr>
<tr><td><?php echo translate('Deinterlacing') ?></td><td><select name="newMonitor[Deinterlacing]"><?php foreach ( $deinterlaceopts as $name => $value ) { ?><option value="<?php echo validHtmlStr($value); ?>"<?php if ( $value == $monitor->Deinterlacing()) { ?> selected="selected"<?php } ?>><?php echo validHtmlStr($name); ?></option><?php } ?></select></td></tr>
<?php
}
?>
@ -915,7 +915,7 @@ if ( $monitor->Type() == 'Local' ) {
}
case 'storage' :
?>
<tr><td><?php echo translate('SaveJPEGs') ?></td><td><select name="newMonitor[SaveJPEGs]"><?php foreach ( $savejpegopts as $name => $value ) { ?><option value="<?php echo $value ?>"<?php if ( $value == $monitor->SaveJPEGs() ) { ?> selected="selected"<?php } ?>><?php echo $name ?></option><?php } ?></select></td></tr>
<tr><td><?php echo translate('SaveJPEGs') ?></td><td><select name="newMonitor[SaveJPEGs]"><?php foreach ( $savejpegopts as $name => $value ) { ?><option value="<?php echo validHtmlStr($value); ?>"<?php if ( $value == $monitor->SaveJPEGs() ) { ?> selected="selected"<?php } ?>><?php echo validHtmlStr($name); ?></option><?php } ?></select></td></tr>
<tr><td><?php echo translate('VideoWriter') ?></td><td>
<?php
$videowriteropts = array(
@ -953,7 +953,7 @@ if ( $monitor->Type() == 'Local' ) {
<tr><td><?php echo translate('TimestampLabelFormat') ?></td><td><input type="text" name="newMonitor[LabelFormat]" value="<?php echo validHtmlStr($monitor->LabelFormat()) ?>" size="32"/></td></tr>
<tr><td><?php echo translate('TimestampLabelX') ?></td><td><input type="text" name="newMonitor[LabelX]" value="<?php echo validHtmlStr($monitor->LabelX()) ?>" size="4"/></td></tr>
<tr><td><?php echo translate('TimestampLabelY') ?></td><td><input type="text" name="newMonitor[LabelY]" value="<?php echo validHtmlStr($monitor->LabelY()) ?>" size="4"/></td></tr>
<tr><td><?php echo translate('TimestampLabelSize') ?></td><td><select name="newMonitor[LabelSize]"><?php foreach ( $label_size as $name => $value ) { ?><option value="<?php echo $value ?>"<?php if ( $value == $monitor->LabelSize() ) { ?> selected="selected"<?php } ?>><?php echo $name ?></option><?php } ?></select></td></tr>
<tr><td><?php echo translate('TimestampLabelSize') ?></td><td><select name="newMonitor[LabelSize]"><?php foreach ( $label_size as $name => $value ) { ?><option value="<?php echo validHtmlStr($value); ?>"<?php if ( $value == $monitor->LabelSize() ) { ?> selected="selected"<?php } ?>><?php echo validHtmlStr($name); ?></option><?php } ?></select></td></tr>
<?php
break;
}
@ -1021,7 +1021,7 @@ if ( $monitor->Type() == 'Local' ) {
<td><?php echo translate('SignalCheckColour') ?></td>
<td>
<input type="text" name="newMonitor[SignalCheckColour]" value="<?php echo validHtmlStr($monitor->SignalCheckColour()) ?>" size="10" onchange="$('SignalCheckSwatch').setStyle('backgroundColor', this.value)"/>
<span id="SignalCheckSwatch" class="swatch" style="background-color: <?php echo $monitor->SignalCheckColour()?>;">&nbsp;&nbsp;&nbsp;&nbsp;</span>
<span id="SignalCheckSwatch" class="swatch" style="background-color: <?php echo validHtmlStr($monitor->SignalCheckColour()); ?>;">&nbsp;&nbsp;&nbsp;&nbsp;</span>
</td>
</tr>
<tr>
@ -1044,7 +1044,7 @@ if ( $monitor->Type() == 'Local' ) {
</table>
<div id="contentButtons">
<button type="submit" value="Save"<?php echo canEdit('Monitors') ? '' : ' disabled="disabled"' ?>><?php echo translate('Save') ?></button>
<button data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
<button type="button" data-on-click="closeWindow"><?php echo translate('Cancel') ?></button>
</div>
</form>
</div>
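Review bot: In the `SignalCheckSwatch` span, `validHtmlStr()` (presumably an HTML escaper) stops the colour from closing the `style` attribute, but the value is still placed in a CSS context, where HTML escaping does not prevent further declarations after a `;`. The stored value should be checked against the colour formats this field accepts before it is echoed, with a fixed default used otherwise; which formats are accepted is not visible in this hunk. For hex colours only, that could be `preg_match('/^#[0-9a-fA-F]{3,8}$/', $colour) ? $colour : '#000000'`, where `$colour` holds `$monitor->SignalCheckColour()`.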


@ -41,7 +41,7 @@ xhtmlHeaders(__FILE__, translate('MonitorPreset') );
<h2><?php echo translate('MonitorPreset') ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="view" value="none"/>
<input type="hidden" name="mid" value="<?php echo validNum($_REQUEST['mid']) ?>"/>
<p>


@ -322,7 +322,7 @@ xhtmlHeaders(__FILE__, translate('MonitorProbe') );
<h2><?php echo translate('MonitorProbe') ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="view" value="none"/>
<input type="hidden" name="mid" value="<?php echo validNum($_REQUEST['mid']) ?>"/>
<p>


@ -48,7 +48,7 @@ xhtmlHeaders(__FILE__, translate('Function'));
<div id="content">
The following monitors will have these settings update when you click Save:<br/><br/>
<?php echo implode('<br/>', array_map(function($m){return $m->Id().' ' .$m->Name();}, $monitors)); ?>
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" onsubmit="$j('#contentButtons').hide();return true;">
<form name="contentForm" id="contentForm" method="post" action="?" onsubmit="$j('#contentButtons').hide();return true;">
<input type="hidden" name="view" value="none"/>
<input type="hidden" name="action" value="save"/>
<input type="hidden" name="object" value="Monitor"/>
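Review bot: The monitor list printed just above the form still emits `$m->Name()` without escaping; the closure should return `$m->Id().' '.validHtmlStr($m->Name())`. Monitor names are user-editable, and this commit escapes them elsewhere, so the remaining raw outputs look like omissions rather than intent. The same pattern is left in the `<h2>` lines of the plugin, server, storage and zone pages (`$monitor['Name']`, `$newZone['Name']`, `$Server->Name()`, `$newStorage['Name']`, `$monitor->Name()`) and in the group links built from `$Group->Name()`.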


@ -144,11 +144,11 @@ if ( $showControl ) {
}
if ( $showZones ) {
?>
<a id="ShowZones" href="<?php echo $_SERVER['PHP_SELF'].'?view=montage&showZones=0'; ?>">Hide Zones</a>
<a id="ShowZones" href="?view=montage&showZones=0">Hide Zones</a>
<?php
} else {
?>
<a id="ShowZones" href="<?php echo $_SERVER['PHP_SELF'].'?view=montage&showZones=1'; ?>">Show Zones</a>
<a id="ShowZones" href="?view=montage&showZones=1">Show Zones</a>
<?php
}
?>
@ -176,7 +176,7 @@ if ( $showZones ) {
</span>
<span id="layoutControl">
<label for="layout"><?php echo translate('Layout') ?>:</label>
<?php echo htmlSelect('zmMontageLayout', $layoutsById, $layout_id, array('onchange'=>'selectLayout(this);', 'id'=>'zmMontageLayout')); ?>
<?php echo htmlSelect('zmMontageLayout', $layoutsById, $layout_id, array('onchange'=>'selectLayout(this);')); ?>
</span>
<input type="hidden" name="Positions"/>
<input type="button" id="EditLayout" value="<?php echo translate('EditLayout') ?>" data-on-click-this="edit_layout"/>


@ -234,7 +234,7 @@ xhtmlHeaders(__FILE__, translate('MontageReview') );
<body>
<div id="page">
<?php echo getNavBarHTML() ?>
<form id="montagereview_form" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="get">
<form id="montagereview_form" action="?" method="get">
<input type="hidden" name="view" value="montagereview"/>
<div id="header">&nbsp;&nbsp;
<a href="#"><span id="hdrbutton" class="glyphicon glyphicon-menu-up pull-right"></span></a>


@ -25,7 +25,7 @@ $skinJsFile = getSkinFile('js/skin.js');
<html lang="en">
<head>
<meta charset="utf-8">
<title><?php echo ZM_WEB_TITLE_PREFIX ?></title>
<title><?php echo validHtmlStr(ZM_WEB_TITLE_PREFIX); ?></title>
<script nonce="<?php echo $cspNonce ?>">
<?php
require_once($skinJsPhpFile);


@ -170,7 +170,7 @@ if ( !isset($_REQUEST['step']) || ($_REQUEST['step'] == '1') ) {
<h2><?php echo translate('MonitorProbe') ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="view" value="none"/>
<input type="hidden" name="mid" value="<?php echo validNum($_REQUEST['mid']) ?>"/>
<input type="hidden" name="step" value=""/>
@ -248,7 +248,7 @@ if ( !isset($_REQUEST['step']) || ($_REQUEST['step'] == '1') ) {
<h2><?php echo translate('ProfileProbe') ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="view" value="none"/>
<input type="hidden" name="mid" value="<?php echo validNum($_REQUEST['mid']) ?>"/>
<input type="hidden" name="step"/>


@ -70,7 +70,11 @@ if ( $tab == 'skins' ) {
$reload = true;
}
if ( $reload )
echo "<script nonce=\"$cspNonce\">if(window.opener){window.opener.location.reload();}window.location.href=\"{$_SERVER['PHP_SELF']}?view={$view}&tab={$tab}\"</script>";
echo "<script nonce=\"$cspNonce\">if (window.opener) {
window.opener.location.reload();
}
window.location.href=\"?view={$view}&tab={$tab}\";
</script>";
} # end if tab == skins
?>
@ -95,7 +99,7 @@ foreach ( $tabs as $name=>$value ) {
<?php
if ( $tab == 'skins' ) {
?>
<form name="optionsForm" class="form-horizontal" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="optionsForm" class="form-horizontal" method="get" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="tab" value="<?php echo $tab ?>"/>
<div class="form-group">
@ -132,7 +136,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI
<?php
} else if ( $tab == 'users' ) {
?>
<form name="userForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="userForm" method="post" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="tab" value="<?php echo $tab ?>"/>
<input type="hidden" name="action" value="delete"/>
@ -199,7 +203,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI
</form>
<?php
} else if ( $tab == 'servers' ) { ?>
<form name="serversForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="serversForm" method="post" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="tab" value="<?php echo $tab ?>"/>
<input type="hidden" name="action" value="delete"/>
@ -264,7 +268,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI
</form>
<?php
} else if ( $tab == 'storage' ) { ?>
<form name="storageForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="storageForm" method="post" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="tab" value="<?php echo $tab ?>"/>
<input type="hidden" name="action" value="delete"/>
@ -328,7 +332,7 @@ foreach ( array_map('basename', glob('skins/'.$current_skin.'/css/*',GLOB_ONLYDI
$configCats[$tab]['ZM_BANDWIDTH_DEFAULT']['Hint'] = $bandwidth_options;
}
?>
<form name="optionsForm" class="form-horizontal" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="optionsForm" class="form-horizontal" method="post" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="tab" value="<?php echo $tab ?>"/>
<input type="hidden" name="action" value="options"/>
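Review bot: In the reload script of the first hunk, `$view` and `$tab` are interpolated into a JavaScript string literal inside an inline `<script>` with no JS-context escaping. Where the two variables are set is outside this hunk; if either is taken from the request, it needs encoding before it is emitted. Building the URL in PHP and emitting it as a JSON string covers both the URL and the script context: `$url = '?view='.urlencode($view).'&tab='.urlencode($tab);` followed by `window.location.href=".json_encode($url).";` in the echoed script. The hidden `view` and `tab` inputs in the forms below echo the same variables and would need `validHtmlStr()` under the same condition.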


@ -107,7 +107,7 @@ function pLang($name)
<h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo validHtmlStr($plugin) ?></h2>
</div>
<div id="content">
<form name="pluginForm" id="pluginForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="pluginForm" id="pluginForm" method="post" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="action" value="plugin"/>
<input type="hidden" name="mid" value="<?php echo $mid ?>"/>


@ -23,7 +23,7 @@ xhtmlHeaders(__FILE__, translate('LoggingIn') );
<body>
<div id="page">
<div id="header">
<h1><?php echo ZM_WEB_TITLE . ' ' . translate('Login') ?></h1>
<h1><?php echo validHtmlStr(ZM_WEB_TITLE) . ' ' . translate('Login') ?></h1>
</div>
<div id="content">
<h2><?php echo translate('LoggingIn') ?></h2>


@ -40,7 +40,7 @@ xhtmlHeaders(__FILE__, translate('Privacy') );
<h1>ZoneMinder - <?php echo translate('Privacy') ?></h1>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="view" value="none"/>
<input type="hidden" name="action" value="privacy"/>
<h6><?php echo translate('PrivacyAbout') ?></h6>


@ -113,7 +113,7 @@ while( $event = $result->fetch(PDO::FETCH_ASSOC) ) {
?>
<body>
<form name="monitorForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="monitorForm" method="get" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="action" value=""/>
@ -205,7 +205,7 @@ for( $monitor_i = 0; $monitor_i < count($displayMonitors); $monitor_i += 1 ) {
$Group = new Group($group_id);
$Groups = $Group->Parents();
array_push($Groups, $Group);
return implode(' &gt; ', array_map(function($Group){ return '<a href="'. ZM_BASE_URL.$_SERVER['PHP_SELF'].'?view=montagereview&GroupId='.$Group->Id().'">'.$Group->Name().'</a>'; }, $Groups ));
return implode(' &gt; ', array_map(function($Group){ return '<a href="?view=montagereview&GroupId='.$Group->Id().'">'.$Group->Name().'</a>'; }, $Groups ));
}, $Monitor->GroupIds() ) );
?>
</div></td>


@ -39,7 +39,7 @@ xhtmlHeaders(__FILE__, translate('Server').' - '.$Server->Name());
<h2><?php echo translate('Server').' - '.$Server->Name() ?></h2>
</div>
<div id="content">
<form name="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" class="validateFormOnSubmit">
<form name="contentForm" method="post" action="?" class="validateFormOnSubmit">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="object" value="server"/>
<input type="hidden" name="id" value="<?php echo validHtmlStr($_REQUEST['id']) ?>"/>


@ -44,7 +44,7 @@ xhtmlHeaders(__FILE__, validHtmlStr($monitor['Name'])." - ".translate('Settings'
<h2><?php echo validHtmlStr($monitor['Name']) ?> - <?php echo translate('Settings') ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="action" value="settings"/>
<input type="hidden" name="mid" value="<?php echo validInt($_REQUEST['mid']) ?>"/>


@ -24,7 +24,7 @@ if ( !canEdit('System') ) {
}
?>
<div id="modalState" class="modal fade">
<form class="form-horizontal" name="contentForm" id="contentForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>?view=state">
<form class="form-horizontal" name="contentForm" id="contentForm" method="get" action="?view=state">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
@ -54,7 +54,7 @@ if ( $running ) {
$states = dbFetchAll('SELECT * FROM States');
foreach ( $states as $state ) {
?>
<option value="<?php echo $state['Name'] ?>"><?php echo $state['Name'] ?></option>
<option value="<?php echo validHtmlStr($state['Name']) ?>"><?php echo validHtmlStr($state['Name']); ?></option>
<?php
}
?>
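Review bot: With `method="get"` the browser replaces the query string of the action URL with the form's own fields on submit, so the `?view=state` in `action="?view=state"` is dropped and never reaches the server. The view has to travel as a field, for example `<input type="hidden" name="view" value="state"/>`. The form body lies outside this hunk, so such a field may already exist, in which case the action can simply be `?` like the other forms in this commit.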


@ -43,7 +43,7 @@ xhtmlHeaders(__FILE__, translate('Stats')." - ".$eid." - ".$fid );
<h2><?php echo translate('Stats') ?> - <?php echo $eid ?> - <?php echo $fid ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="get" action="?">
<input type="hidden" name="view" value="none"/>
<table id="contentTable" class="major" cellspacing="0">
<thead>


@ -63,7 +63,7 @@ xhtmlHeaders(__FILE__, translate('Storage')." - ".$newStorage['Name'] );
<h2><?php echo translate('Storage')." - ".$newStorage['Name'] ?></h2>
</div>
<div id="content">
<form name="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" class="validateFormOnSubmit">
<form name="contentForm" method="post" action="?" class="validateFormOnSubmit">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="object" value="storage"/>
<input type="hidden" name="id" value="<?php echo validHtmlStr($_REQUEST['id']) ?>"/>


@ -58,14 +58,14 @@ xhtmlHeaders(__FILE__, translate('User').' - '.$newUser['Username']);
<body>
<div id="page">
<div id="header">
<h2><?php echo translate('User').' - '.$newUser['Username'] ?></h2>
<h2><?php echo translate('User').' - '.validHtmlStr($newUser['Username']); ?></h2>
</div>
<div id="content">
<form name="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" onsubmit="return validateForm( this, <?php echo empty($newUser['Password'])?'true':'false' ?> )">
<form name="contentForm" method="post" action="?" onsubmit="return validateForm( this, <?php echo empty($newUser['Password'])?'true':'false' ?> )">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="action" value="user"/>
<input type="hidden" name="uid" value="<?php echo validHtmlStr($_REQUEST['uid']) ?>"/>
<input type="hidden" name="newUser[MonitorIds]" value="<?php echo $newUser['MonitorIds'] ?>"/>
<input type="hidden" name="newUser[MonitorIds]" value="<?php echo validHtmlStr($newUser['MonitorIds']); ?>"/>
<table id="contentTable" class="major">
<tbody>
<?php
@ -73,18 +73,18 @@ if ( canEdit('System') ) {
?>
<tr>
<th scope="row"><?php echo translate('Username') ?></th>
<td><input type="text" name="newUser[Username]" value="<?php echo $newUser['Username'] ?>"/></td>
<td><input type="text" name="newUser[Username]" value="<?php echo validHtmlStr($newUser['Username']); ?>"/></td>
</tr>
<?php
}
?>
<tr>
<th scope="row"><?php echo translate('NewPassword') ?></th>
<td><input type="password" name="newUser[Password]"/></td>
<td><input type="password" name="newUser[Password]" autocomplete="new-password"/></td>
</tr>
<tr>
<th scope="row"><?php echo translate('ConfirmPassword') ?></th>
<td><input type="password" name="conf_password"/></td>
<td><input type="password" name="conf_password" autocomplete="new-password"/></td>
</tr>
<tr>
<th scope="row"><?php echo translate('Language') ?></th>


@ -63,7 +63,7 @@ if ( ZM_DYN_DB_VERSION && (ZM_DYN_DB_VERSION != ZM_VERSION) ) {
<?php
} else {
?>
<form name="contentForm" id="contentForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="get" action="?">
<input type="hidden" name="view" value="none"/>
<input type="hidden" name="action" value="version"/>
<p><?php echo translate('UpdateAvailable') ?></p>
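Review bot: The form keeps `method="get"` while carrying an `action` field (`action=version` here), so whatever that action does can be triggered by a plain URL that any page can make the browser load, and the request ends up in logs and history. The pattern is clearer in the zones view later in this commit, where a GET form carries `action=delete`. If these actions change state, switch both forms to `method="post"` and have the handler reject GET and verify a CSRF token. The handler is not visible on this page, so whether it already checks one is unconfirmed.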


@ -123,7 +123,7 @@ if ( isset($_REQUEST['showIndex']) ) {
<?php
} else {
?>
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="id" value="<?php echo $event['Id'] ?>"/>
<table id="contentTable" class="minor">
<tbody>


@ -122,7 +122,7 @@ xhtmlHeaders(__FILE__, translate('Zone') );
<h2><?php echo translate('Monitor') ?> <?php echo $monitor->Name() ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?></h2>
</div>
<div id="content">
<form name="zoneForm" id="zoneForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>" onkeypress="return event.keyCode != 13;">
<form name="zoneForm" id="zoneForm" method="post" action="?" onkeypress="return event.keyCode != 13;">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="action" value="zone"/>
<input type="hidden" name="mid" value="<?php echo $mid ?>"/>
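Review bot: The `<h2>` at the top of this hunk prints `$monitor->Name()` and `$newZone['Name']` without escaping, the same pattern this commit fixes for the username heading in the user view. Both are presumably user-editable names, so a name containing markup would be rendered as HTML; wrap them as `validHtmlStr($monitor->Name())` and `validHtmlStr($newZone['Name'])`. The hidden `view` and `mid` fields echo `$view` and `$mid` raw as well. Where those are set is outside the hunk, so they should be escaped on output unless they are validated earlier.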


@ -52,7 +52,7 @@ xhtmlHeaders(__FILE__, translate('Zones') );
<h2><?php echo translate('Zones') ?></h2>
</div>
<div id="content" style="width:<?php echo $monitor->Width() ?>px; height:<?php echo $monitor->Height() ?>px; position:relative; margin: 0 auto;">
<form name="contentForm" id="contentForm" method="get" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="get" action="?">
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="action" value="delete"/>
<input type="hidden" name="mid" value="<?php echo $mid ?>"/>


@ -77,7 +77,17 @@ if ( empty($_REQUEST['path']) ) {
return;
}
if ( $_REQUEST['fid'] == 'alarm' ) {
if ( $_REQUEST['fid'] == 'objdetect' ) {
$Event = new Event($_REQUEST['eid']);
$path = $Event->Path().'/objdetect.jpg';
unset($Event); # we don't want event object related processing later for this case
if ( !file_exists($path)) {
header('HTTP/1.0 404 Not Found');
Fatal("File ".$path." does not exist. Please make sure store_frame_in_zm is enabled in the object detection config");
}
}
else if ( $_REQUEST['fid'] == 'alarm' ) {
# look for first alarmed frame
$Frame = Frame::find_one(array('EventId'=>$_REQUEST['eid'], 'Type'=>'Alarm'),
array('order'=>'FrameId ASC'));
@ -220,6 +230,7 @@ if ( empty($_REQUEST['path']) ) {
}
}
# we now load the actual image to send
$scale = 0;
if ( !empty($_REQUEST['scale']) ) {
if ( is_numeric($_REQUEST['scale']) ) {