Merge branch 'sanitize_image_path' of https://github.com/knnniggett/ZoneMinder into storageareas_sanitize
This commit is contained in:
commit
7ab6818fa0
|
@ -19,3 +19,6 @@ SET @s = (SELECT IF(
|
|||
|
||||
PREPARE stmt FROM @s;
|
||||
EXECUTE stmt;
|
||||
|
||||
|
||||
ALTER TABLE Users MODIFY MonitorIds TEXT NOT NULL;
|
||||
|
|
|
@ -53,6 +53,7 @@ Source1: https://github.com/FriendsOfCake/crud/archive/v%{crud_version}.tar.gz#/
|
|||
%{?with_init_systemd:BuildRequires: mariadb-devel}
|
||||
%{?with_init_systemd:BuildRequires: perl-podlators}
|
||||
%{?with_init_sysv:BuildRequires: mysql-devel}
|
||||
%{?el6:BuildRequires: epel-rpm-macros}
|
||||
BuildRequires: cmake >= 2.8.7
|
||||
BuildRequires: gnutls-devel
|
||||
BuildRequires: bzip2-devel
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
The XML images present in this folder have been drawn using http://draw.io
|
||||
To edit images, simple go to draw.io and load the .xml files
|
Binary file not shown.
Before Width: | Height: | Size: 59 KiB After Width: | Height: | Size: 93 KiB |
File diff suppressed because one or more lines are too long
|
@ -182,7 +182,6 @@ our $mem_data = {
|
|||
};
|
||||
|
||||
our $mem_size = 0;
|
||||
our $mem_verified = {};
|
||||
|
||||
sub zmMemInit {
|
||||
my $offset = 0;
|
||||
|
@ -364,7 +363,6 @@ sub zmMemInvalidate {
|
|||
my $monitor = shift;
|
||||
my $mem_key = zmMemKey($monitor);
|
||||
if ( $mem_key ) {
|
||||
delete $mem_verified->{$mem_key};
|
||||
zmMemDetach( $monitor );
|
||||
} else {
|
||||
print "no memkey in zmMemInvalidate\n";
|
||||
|
|
|
@ -194,10 +194,10 @@ foreach my $connection ( @in_select_connections ) {
|
|||
|
||||
my %spawned_connections;
|
||||
my %monitors;
|
||||
loadMonitors();
|
||||
|
||||
my $monitor_reload_time = 0;
|
||||
my $needsReload = 0;
|
||||
loadMonitors();
|
||||
|
||||
|
||||
$! = undef;
|
||||
my $rin = '';
|
||||
|
@ -287,12 +287,13 @@ while( 1 ) {
|
|||
}
|
||||
}
|
||||
|
||||
# Check for alarms that might have happened
|
||||
# Check for alarms that might have happened
|
||||
my @out_messages;
|
||||
foreach my $monitor ( values(%monitors) ) {
|
||||
|
||||
if ( ! zmMemVerify($monitor) ) {
|
||||
# Our attempt to verify the memory handle failed. We should reload the monitors.
|
||||
# Our attempt to verify the memory handle failed. We should reload the monitors.
|
||||
# Don't need to zmMemInvalidate because the monitor reload will do it.
|
||||
$needsReload = 1;
|
||||
next;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,25 @@
|
|||
snprintf( swap_path, sizeof(swap_path), "%s/zmswap-m%d/zmswap-q%06d", config.path_swap, monitor->Id(), connkey );
|
||||
|
||||
int len = snprintf(NULL, 0, "/zmswap-m%d", monitor->Id());
|
||||
|
||||
|
||||
int swap_path_length = strlen(config.path_swap) + snprintf(NULL, 0, "/zmswap-m%d", monitor->Id() ) + snprintf(NULL, 0, "/zmswap-q%06d", connkey ) + 1; // +1 for NULL terminator
|
||||
|
||||
if ( connkey && playback_buffer > 0 ) {
|
||||
|
||||
if ( swap_path_length + max_swap_len_suffix > PATH_MAX ) {
|
||||
Error( "Swap Path is too long. %d > %d ", swap_path_length+max_swap_len_suffix, PATH_MAX );
|
||||
} else {
|
||||
swap_path = (char *)malloc( swap_path_length+max_swap_len_suffix );
|
||||
Debug( 3, "Checking swap image path %s", config.path_swap );
|
||||
strncpy( swap_path, config.path_swap, swap_path_length );
|
||||
if ( checkSwapPath( swap_path, false ) ) {
|
||||
snprintf( &(swap_path[swap_path_length]), max_swap_len_suffix, "/zmswap-m%d", monitor->Id() );
|
||||
if ( checkSwapPath( swap_path, true ) ) {
|
||||
snprintf( &(swap_path[swap_path_length]), max_swap_len_suffix, "/zmswap-q%06d", connkey );
|
||||
if ( checkSwapPath( swap_path, true ) ) {
|
||||
buffered_playback = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1,12 +1,14 @@
|
|||
<VirtualHost *:80>
|
||||
DocumentRoot /usr/local/share/zoneminder
|
||||
DocumentRoot /usr/local/share/zoneminder/www
|
||||
DirectoryIndex index.php
|
||||
|
||||
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
|
||||
<Directory "/usr/lib/cgi-bin">
|
||||
ScriptAlias /cgi-bin/ /usr/local/libexec/zoneminder/cgi-bin/
|
||||
<Directory />
|
||||
Require all granted
|
||||
</Directory>
|
||||
<Directory "/usr/local/libexec/zoneminder/cgi-bin">
|
||||
AllowOverride None
|
||||
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
|
||||
require all granted
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
</VirtualHost>
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
--- a/packpack/pack/rpm.mk 2017-01-14 14:01:50.364217882 -0600
|
||||
+++ b/packpack/pack/rpm.mk 2017-01-14 14:01:19.594985311 -0600
|
||||
@@ -23,11 +23,13 @@
|
||||
-e 's/Release:\([ ]*\).*/Release: $(RELEASE)%{dist}/' \
|
||||
-e 's/Source0:\([ ]*\).*/Source0: $(TARBALL)/' \
|
||||
-e 's/%setup .*/%setup -q -n $(PRODUCT)-$(VERSION)/' \
|
||||
+ -e 's/%autosetup -n .*/%autosetup -n $(PRODUCT)-$(VERSION)/' \
|
||||
-i $@.tmp
|
||||
grep -F "Version: $(VERSION)" $@.tmp && \
|
||||
grep -F "Release: $(RELEASE)" $@.tmp && \
|
||||
grep -F "Source0: $(TARBALL)" $@.tmp && \
|
||||
- grep -F "%setup -q -n $(PRODUCT)-$(VERSION)" $@.tmp || \
|
||||
+ (grep -F "%setup -q -n $(PRODUCT)-$(VERSION)" $@.tmp || \
|
||||
+ grep -F "%autosetup" $@.tmp) || \
|
||||
(echo "Failed to patch RPM spec" && exit 1)
|
||||
@ mv -f $@.tmp $@
|
||||
@echo
|
|
@ -0,0 +1,8 @@
|
|||
.PHONY: redhat_package
|
||||
.NOTPARALLEL: redhat_package
|
||||
|
||||
redhat_package: redhat_bootstrap package
|
||||
|
||||
redhat_bootstrap:
|
||||
sudo yum install -y --nogpgcheck build/zmrepo.noarch.rpm
|
||||
|
|
@ -0,0 +1,100 @@
|
|||
#!/bin/bash
|
||||
# packpack setup file for the ZoneMinder project
|
||||
# Written by Andrew Bauer
|
||||
|
||||
# Check to see if this script has access to all the commands it needs
|
||||
for CMD in set echo curl repoquery git ln mkdir patch rmdir; do
|
||||
type $CMD 2>&1 > /dev/null
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
echo
|
||||
echo "ERROR: The script cannot find the required command \"${CMD}\"."
|
||||
echo
|
||||
exit $?
|
||||
fi
|
||||
done
|
||||
|
||||
# Verify OS & DIST environment variables have been set before calling this script
|
||||
if [ -z "${OS}" ] || [ -z "${DIST}" ]; then
|
||||
echo "ERROR: both OS and DIST environment variables must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Steps common to all builds
|
||||
mkdir -p build
|
||||
if [ -e "packpack/Makefile" ]; then
|
||||
echo "Checking packpack github repo for changes..."
|
||||
git -C packpack pull origin master
|
||||
else
|
||||
echo "Cloning pakcpack github repo..."
|
||||
git clone https://github.com/packpack/packpack.git packpack
|
||||
fi
|
||||
|
||||
# The rpm specfile requires we download the tarball and manually move it into place
|
||||
# Might as well do this for Debian as well, rather than git submodule init
|
||||
CRUDVER="3.0.10"
|
||||
if [ -e "build/crud-${CRUDVER}.tar.gz" ]; then
|
||||
echo "Found existing Crud ${CRUDVER} tarball..."
|
||||
else
|
||||
echo "Retrieving Crud ${CRUDVER} submodule..."
|
||||
curl -L https://github.com/FriendsOfCake/crud/archive/v${CRUDVER}.tar.gz > build/crud-${CRUDVER}.tar.gz
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "ERROR: Crud tarball retreival failed..."
|
||||
exit $?
|
||||
fi
|
||||
fi
|
||||
|
||||
# Steps common to Redhat distros
|
||||
if [ "${OS}" == "el" ] || [ "${OS}" == "fedora" ]; then
|
||||
echo "Begin Redhat build..."
|
||||
|
||||
# %autosetup support has been merged upstream. No need to patch
|
||||
#patch -p1 < utils/packpack/autosetup.patch
|
||||
ln -sf distros/redhat rpm
|
||||
|
||||
if [ "${OS}" == "el" ]; then
|
||||
zmrepodistro=${OS}
|
||||
else
|
||||
zmrepodistro="f"
|
||||
fi
|
||||
|
||||
# Let repoquery determine the full url and filename of the zmrepo rpm we are interested in
|
||||
result=`repoquery --repofrompath=zmpackpack,https://zmrepo.zoneminder.com/${zmrepodistro}/${DIST}/x86_64/ --repoid=zmpackpack --qf="%{location}" zmrepo 2> /dev/null`
|
||||
|
||||
if [ -n "$result" ] && [ $? -eq 0 ]; then
|
||||
echo "Retrieving ZMREPO rpm..."
|
||||
curl $result > build/zmrepo.noarch.rpm
|
||||
else
|
||||
echo "ERROR: Failed to retrieve zmrepo rpm..."
|
||||
if [ $? -ne 0 ]; then
|
||||
echo $?
|
||||
else
|
||||
echo 1
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Starting packpack..."
|
||||
packpack/packpack -f utils/packpack/redhat_package.mk redhat_package
|
||||
|
||||
# Steps common the Debian based distros
|
||||
elif [ "${OS}" == "debian" ] || [ "${OS}" == "ubuntu" ]; then
|
||||
echo "Begin Debian build..."
|
||||
|
||||
# Uncompress the Crud tarball and move it into place
|
||||
tar -xzf build/crud-${CRUDVER}.tar.gz
|
||||
rmdir web/api/app/Plugin/Crud
|
||||
mv -f crud-${CRUDVER} web/api/app/Plugin/Crud
|
||||
|
||||
if [ ${DIST} == "trusty" ] || [ ${DIST} == "precise" ]; then
|
||||
ln -sf distros/ubuntu1204 debian
|
||||
elif [ ${DIST} == "wheezy" ]; then
|
||||
ln -sf distros/debian debian
|
||||
else
|
||||
ln -sf distros/ubuntu1604 debian
|
||||
fi
|
||||
|
||||
echo "Starting packpack..."
|
||||
packpack/packpack
|
||||
fi
|
||||
|
||||
|
|
@ -1,56 +0,0 @@
|
|||
<?php
|
||||
//
|
||||
// ZoneMinder file view file, $Date: 2008-09-29 14:15:13 +0100 (Mon, 29 Sep 2008) $, $Revision: 2640 $
|
||||
// Copyright (C) 2001-2008 Philip Coombes
|
||||
//
|
||||
// This program is free software; you can redistribute it and/or
|
||||
// modify it under the terms of the GNU General Public License
|
||||
// as published by the Free Software Foundation; either version 2
|
||||
// of the License, or (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU General Public License
|
||||
// along with this program; if not, write to the Free Software
|
||||
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
//
|
||||
|
||||
if ( !canView( 'Events' ) )
|
||||
{
|
||||
$view = "error";
|
||||
return;
|
||||
}
|
||||
|
||||
if ( empty($_REQUEST['path']) )
|
||||
{
|
||||
$errorText = "No path given to file.php";
|
||||
}
|
||||
else
|
||||
{
|
||||
$path = $_REQUEST['path'];
|
||||
if ( !empty($user['MonitorIds']) )
|
||||
{
|
||||
$fileOk = false;
|
||||
$pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) );
|
||||
foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId )
|
||||
{
|
||||
if ( $pathMonId == $monId )
|
||||
{
|
||||
$fileOk = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if ( !$fileOk )
|
||||
$errorText = "No permissions to view file '$path'";
|
||||
}
|
||||
}
|
||||
|
||||
// Simple version
|
||||
if ( $errorText )
|
||||
Error( $errorText );
|
||||
else
|
||||
readfile( ZM_DIR_EVENTS.'/'.$path );
|
||||
?>
|
|
@ -100,15 +100,25 @@ Debug( "$path does not exist");
|
|||
}
|
||||
|
||||
} else {
|
||||
$path = $_REQUEST['path'];
|
||||
if ( !empty($user['MonitorIds']) ) {
|
||||
$imageOk = false;
|
||||
$pathMonId = substr( $path, 0, strspn( $path, '1234567890' ) );
|
||||
foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId ) {
|
||||
if ( $pathMonId == $monId ) {
|
||||
$imageOk = true;
|
||||
break;
|
||||
$dir_events = realpath(ZM_DIR_EVENTS);
|
||||
$path = realpath($dir_events . '/' . $_REQUEST['path']);
|
||||
$pos = strpos($path, $dir_events);
|
||||
|
||||
if($pos == 0 && $pos !== false) {
|
||||
if ( !empty($user['MonitorIds']) ) {
|
||||
$imageOk = false;
|
||||
$pathMonId = substr( $path, 0, strspn( $path, "1234567890" ) );
|
||||
foreach ( preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'] ) as $monId ) {
|
||||
if ( $pathMonId == $monId ) {
|
||||
$imageOk = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if ( !$imageOk )
|
||||
$errorText = "No image permissions";
|
||||
}
|
||||
} else {
|
||||
$errorText = "Invalid image path";
|
||||
}
|
||||
if ( !$imageOk )
|
||||
$errorText = 'No image permissions';
|
||||
|
@ -149,8 +159,8 @@ header( 'Content-type: image/jpeg' );
|
|||
|
||||
# This is so that Save Image As give a useful filename
|
||||
if ( $Event ) {
|
||||
$filename = $Event->MonitorId().'_'.$Event->Id().'_'.$Frame->FrameId().'.jpg';
|
||||
header('Content-Disposition: inline; filename="' . $filename . '"');
|
||||
$filename = $Event->MonitorId().'_'.$Event->Id().'_'.$Frame->FrameId().'.jpg';
|
||||
header('Content-Disposition: inline; filename="' . $filename . '"');
|
||||
}
|
||||
ob_clean();
|
||||
flush();
|
||||
|
|
Loading…
Reference in New Issue