ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'sanitize_image_path' of https://github.com/knnniggett/ZoneMinder into storageareas_sanitize

This commit is contained in:
Isaac Connor 2017-01-25 17:14:30 -05:00
parent fe3328a87a dbd73690b2
commit 7ab6818fa0
14 changed files with 189 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
db/zm_update-1.30.2.sql
View File

@ -19,3 +19,6 @@ SET @s = (SELECT IF(
PREPARE stmt FROM @s; PREPARE stmt FROM @s;
EXECUTE stmt; EXECUTE stmt;
ALTER TABLE Users MODIFY MonitorIds TEXT NOT NULL;

1
distros/redhat/zoneminder.spec
View File

@ -53,6 +53,7 @@ Source1: https://github.com/FriendsOfCake/crud/archive/v%{crud_version}.tar.gz#/
%{?with_init_systemd:BuildRequires: mariadb-devel} %{?with_init_systemd:BuildRequires: mariadb-devel}
%{?with_init_systemd:BuildRequires: perl-podlators} %{?with_init_systemd:BuildRequires: perl-podlators}
%{?with_init_sysv:BuildRequires: mysql-devel} %{?with_init_sysv:BuildRequires: mysql-devel}
%{?el6:BuildRequires: epel-rpm-macros}
BuildRequires: cmake >= 2.8.7 BuildRequires: cmake >= 2.8.7
BuildRequires: gnutls-devel BuildRequires: gnutls-devel
BuildRequires: bzip2-devel BuildRequires: bzip2-devel

2
docs/userguide/images/README.TXT Normal file
View File

@ -0,0 +1,2 @@
The XML images present in this folder have been drawn using http://draw.io
To edit images, simple go to draw.io and load the .xml files

BIN
docs/userguide/images/zm-system-overview.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 59 KiB

After

Width:  |  Height:  |  Size: 93 KiB

2
docs/userguide/images/zm-system-overview.xml
View File

File diff suppressed because one or more lines are too long

2
scripts/ZoneMinder/lib/ZoneMinder/Memory.pm.in
View File

@ -182,7 +182,6 @@ our $mem_data = {
}; };
our $mem_size = 0; our $mem_size = 0;
our $mem_verified = {};
sub zmMemInit { sub zmMemInit {
my $offset = 0; my $offset = 0;
@ -364,7 +363,6 @@ sub zmMemInvalidate {
my $monitor = shift; my $monitor = shift;
my $mem_key = zmMemKey($monitor); my $mem_key = zmMemKey($monitor);
if ( $mem_key ) { if ( $mem_key ) {
delete $mem_verified->{$mem_key};
zmMemDetach( $monitor ); zmMemDetach( $monitor );
} else { } else {
print "no memkey in zmMemInvalidate\n"; print "no memkey in zmMemInvalidate\n";

9
scripts/zmtrigger.pl.in
View File

@ -194,10 +194,10 @@ foreach my $connection ( @in_select_connections ) {
my %spawned_connections; my %spawned_connections;
my %monitors; my %monitors;
loadMonitors();
my $monitor_reload_time = 0; my $monitor_reload_time = 0;
my $needsReload = 0; my $needsReload = 0;
loadMonitors();
$! = undef; $! = undef;
my $rin = ''; my $rin = '';
@ -287,12 +287,13 @@ while( 1 ) {
} }
} }
# Check for alarms that might have happened # Check for alarms that might have happened
my @out_messages; my @out_messages;
foreach my $monitor ( values(%monitors) ) { foreach my $monitor ( values(%monitors) ) {
if ( ! zmMemVerify($monitor) ) { if ( ! zmMemVerify($monitor) ) {
# Our attempt to verify the memory handle failed. We should reload the monitors. # Our attempt to verify the memory handle failed. We should reload the monitors.
# Don't need to zmMemInvalidate because the monitor reload will do it.
$needsReload = 1; $needsReload = 1;
next; next;
} }

25
src/snprintf.cpp Normal file
View File

@ -0,0 +1,25 @@
snprintf( swap_path, sizeof(swap_path), "%s/zmswap-m%d/zmswap-q%06d", config.path_swap, monitor->Id(), connkey );
int len = snprintf(NULL, 0, "/zmswap-m%d", monitor->Id());
int swap_path_length = strlen(config.path_swap) + snprintf(NULL, 0, "/zmswap-m%d", monitor->Id() ) + snprintf(NULL, 0, "/zmswap-q%06d", connkey ) + 1; // +1 for NULL terminator
if ( connkey && playback_buffer > 0 ) {
if ( swap_path_length + max_swap_len_suffix > PATH_MAX ) {
Error( "Swap Path is too long. %d > %d ", swap_path_length+max_swap_len_suffix, PATH_MAX );
} else {
swap_path = (char *)malloc( swap_path_length+max_swap_len_suffix );
Debug( 3, "Checking swap image path %s", config.path_swap );
strncpy( swap_path, config.path_swap, swap_path_length );
if ( checkSwapPath( swap_path, false ) ) {
snprintf( &(swap_path[swap_path_length]), max_swap_len_suffix, "/zmswap-m%d", monitor->Id() );
if ( checkSwapPath( swap_path, true ) ) {
snprintf( &(swap_path[swap_path_length]), max_swap_len_suffix, "/zmswap-q%06d", connkey );
if ( checkSwapPath( swap_path, true ) ) {
buffered_playback = true;
}
}
}

12
utils/docker/apache-vhost
View File

@ -1,12 +1,14 @@
<VirtualHost *:80> <VirtualHost *:80>
DocumentRoot /usr/local/share/zoneminder DocumentRoot /usr/local/share/zoneminder/www
DirectoryIndex index.php DirectoryIndex index.php
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ ScriptAlias /cgi-bin/ /usr/local/libexec/zoneminder/cgi-bin/
<Directory "/usr/lib/cgi-bin"> <Directory />
Require all granted
</Directory>
<Directory "/usr/local/libexec/zoneminder/cgi-bin">
AllowOverride None AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
require all granted Require all granted
</Directory> </Directory>
</VirtualHost> </VirtualHost>

17
utils/packpack/autosetup.patch Normal file
View File

@ -0,0 +1,17 @@
--- a/packpack/pack/rpm.mk 2017-01-14 14:01:50.364217882 -0600
+++ b/packpack/pack/rpm.mk 2017-01-14 14:01:19.594985311 -0600
@@ -23,11 +23,13 @@
-e 's/Release:\([ ]*\).*/Release: $(RELEASE)%{dist}/' \
-e 's/Source0:\([ ]*\).*/Source0: $(TARBALL)/' \
-e 's/%setup .*/%setup -q -n $(PRODUCT)-$(VERSION)/' \
+ -e 's/%autosetup -n .*/%autosetup -n $(PRODUCT)-$(VERSION)/' \
-i $@.tmp
grep -F "Version: $(VERSION)" $@.tmp && \
grep -F "Release: $(RELEASE)" $@.tmp && \
grep -F "Source0: $(TARBALL)" $@.tmp && \
- grep -F "%setup -q -n $(PRODUCT)-$(VERSION)" $@.tmp || \
+ (grep -F "%setup -q -n $(PRODUCT)-$(VERSION)" $@.tmp || \
+ grep -F "%autosetup" $@.tmp) || \
(echo "Failed to patch RPM spec" && exit 1)
@ mv -f $@.tmp $@
@echo

8
utils/packpack/redhat_package.mk Normal file
View File

@ -0,0 +1,8 @@
.PHONY: redhat_package
.NOTPARALLEL: redhat_package
redhat_package: redhat_bootstrap package
redhat_bootstrap:
sudo yum install -y --nogpgcheck build/zmrepo.noarch.rpm

100
utils/packpack/startpackpack.sh Executable file
View File

@ -0,0 +1,100 @@
#!/bin/bash
# packpack setup file for the ZoneMinder project
# Written by Andrew Bauer
# Check to see if this script has access to all the commands it needs
for CMD in set echo curl repoquery git ln mkdir patch rmdir; do
type $CMD 2>&1 > /dev/null
if [ $? -ne 0 ]; then
echo
echo "ERROR: The script cannot find the required command \"${CMD}\"."
echo
exit $?
fi
done
# Verify OS & DIST environment variables have been set before calling this script
if [ -z "${OS}" ] || [ -z "${DIST}" ]; then
echo "ERROR: both OS and DIST environment variables must be set"
exit 1
fi
# Steps common to all builds
mkdir -p build
if [ -e "packpack/Makefile" ]; then
echo "Checking packpack github repo for changes..."
git -C packpack pull origin master
else
echo "Cloning pakcpack github repo..."
git clone https://github.com/packpack/packpack.git packpack
fi
# The rpm specfile requires we download the tarball and manually move it into place
# Might as well do this for Debian as well, rather than git submodule init
CRUDVER="3.0.10"
if [ -e "build/crud-${CRUDVER}.tar.gz" ]; then
echo "Found existing Crud ${CRUDVER} tarball..."
else
echo "Retrieving Crud ${CRUDVER} submodule..."
curl -L https://github.com/FriendsOfCake/crud/archive/v${CRUDVER}.tar.gz > build/crud-${CRUDVER}.tar.gz
if [ $? -ne 0 ]; then
echo "ERROR: Crud tarball retreival failed..."
exit $?
fi
fi
# Steps common to Redhat distros
if [ "${OS}" == "el" ] || [ "${OS}" == "fedora" ]; then
echo "Begin Redhat build..."
# %autosetup support has been merged upstream. No need to patch
#patch -p1 < utils/packpack/autosetup.patch
ln -sf distros/redhat rpm
if [ "${OS}" == "el" ]; then
zmrepodistro=${OS}
else
zmrepodistro="f"
fi
# Let repoquery determine the full url and filename of the zmrepo rpm we are interested in
result=`repoquery --repofrompath=zmpackpack,https://zmrepo.zoneminder.com/${zmrepodistro}/${DIST}/x86_64/ --repoid=zmpackpack --qf="%{location}" zmrepo 2> /dev/null`
if [ -n "$result" ] && [ $? -eq 0 ]; then
echo "Retrieving ZMREPO rpm..."
curl $result > build/zmrepo.noarch.rpm
else
echo "ERROR: Failed to retrieve zmrepo rpm..."
if [ $? -ne 0 ]; then
echo $?
else
echo 1
fi
fi
echo "Starting packpack..."
packpack/packpack -f utils/packpack/redhat_package.mk redhat_package
# Steps common the Debian based distros
elif [ "${OS}" == "debian" ] || [ "${OS}" == "ubuntu" ]; then
echo "Begin Debian build..."
# Uncompress the Crud tarball and move it into place
tar -xzf build/crud-${CRUDVER}.tar.gz
rmdir web/api/app/Plugin/Crud
mv -f crud-${CRUDVER} web/api/app/Plugin/Crud
if [ ${DIST} == "trusty" ] || [ ${DIST} == "precise" ]; then
ln -sf distros/ubuntu1204 debian
elif [ ${DIST} == "wheezy" ]; then
ln -sf distros/debian debian
else
ln -sf distros/ubuntu1604 debian
fi
echo "Starting packpack..."
packpack/packpack
fi

56
web/views/file.php
View File

@ -1,56 +0,0 @@
<?php
//
// ZoneMinder file view file, $Date: 2008-09-29 14:15:13 +0100 (Mon, 29 Sep 2008) $, $Revision: 2640 $
// Copyright (C) 2001-2008 Philip Coombes
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
if ( !canView( 'Events' ) )
{
$view = "error";
return;
}
if ( empty($_REQUEST['path']) )
{
$errorText = "No path given to file.php";
}
else
{
$path = $_REQUEST['path'];
if ( !empty($user['MonitorIds']) )
{
$fileOk = false;
$pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) );
foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId )
{
if ( $pathMonId == $monId )
{
$fileOk = true;
break;
}
}
if ( !$fileOk )
$errorText = "No permissions to view file '$path'";
}
}
// Simple version
if ( $errorText )
Error( $errorText );
else
readfile( ZM_DIR_EVENTS.'/'.$path );
?>

30
web/views/image.php
View File

@ -100,15 +100,25 @@ Debug( "$path does not exist");
} }
} else { } else {
$path = $_REQUEST['path']; $dir_events = realpath(ZM_DIR_EVENTS);
if ( !empty($user['MonitorIds']) ) { $path = realpath($dir_events . '/' . $_REQUEST['path']);
$imageOk = false; $pos = strpos($path, $dir_events);
$pathMonId = substr( $path, 0, strspn( $path, '1234567890' ) );
foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId ) { if($pos == 0 && $pos !== false) {
if ( $pathMonId == $monId ) { if ( !empty($user['MonitorIds']) ) {
$imageOk = true; $imageOk = false;
break; $pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) );
foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId ) {
if ( $pathMonId == $monId ) {
$imageOk = true;
break;
}
} }
if ( !$imageOk )
$errorText = "No image permissions";
}
} else {
$errorText = "Invalid image path";
} }
if ( !$imageOk ) if ( !$imageOk )
$errorText = 'No image permissions'; $errorText = 'No image permissions';
@ -149,8 +159,8 @@ header( 'Content-type: image/jpeg' );
# This is so that Save Image As give a useful filename # This is so that Save Image As give a useful filename
if ( $Event ) { if ( $Event ) {
$filename = $Event->MonitorId().'_'.$Event->Id().'_'.$Frame->FrameId().'.jpg'; $filename = $Event->MonitorId().'_'.$Event->Id().'_'.$Frame->FrameId().'.jpg';
header('Content-Disposition: inline; filename="' . $filename . '"'); header('Content-Disposition: inline; filename="' . $filename . '"');
} }
ob_clean(); ob_clean();
flush(); flush();