From e630550d0f1ef169aca011a6a0220c7db3d0268f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Mon, 24 Feb 2020 14:44:19 -0500 Subject: [PATCH 1/7] bump version for release 1.34.4 --- db/zm_update-1.34.4.sql | 5 +++++ distros/redhat/zoneminder.spec | 2 +- version | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 db/zm_update-1.34.4.sql diff --git a/db/zm_update-1.34.4.sql b/db/zm_update-1.34.4.sql new file mode 100644 index 000000000..2910943a0 --- /dev/null +++ b/db/zm_update-1.34.4.sql @@ -0,0 +1,5 @@ +-- +-- This updates a 1.34.3 database to 1.34.4 +-- +-- No changes required +-- diff --git a/distros/redhat/zoneminder.spec b/distros/redhat/zoneminder.spec index 7297648a9..d6f474dce 100644 --- a/distros/redhat/zoneminder.spec +++ b/distros/redhat/zoneminder.spec @@ -28,7 +28,7 @@ %global _hardened_build 1 Name: zoneminder -Version: 1.34.3 +Version: 1.34.4 Release: 1%{?dist} Summary: A camera monitoring and analysis tool Group: System Environment/Daemons diff --git a/version b/version index 7e3856fe8..19357ae93 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.34.3 +1.34.4 From 4c2fb6bf089fa555d50f48dd495cffa694749e15 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Feb 2020 13:40:44 -0500 Subject: [PATCH 2/7] populate a js var minTime and maxTime and use it when setting up the calendar widget to set minTime for end calendar. --- web/skins/classic/views/js/montagereview.js | 3 +-- web/skins/classic/views/js/montagereview.js.php | 5 +++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/web/skins/classic/views/js/montagereview.js b/web/skins/classic/views/js/montagereview.js index b543770d7..46f9b1ab2 100644 --- a/web/skins/classic/views/js/montagereview.js +++ b/web/skins/classic/views/js/montagereview.js @@ -1009,8 +1009,7 @@ function initPage() { $j('#maxTime').datetimepicker({ timeFormat: "HH:mm:ss", dateFormat: "yy-mm-dd", - //minDate: $j('#minTime').val(), - minDate: -7, + minDate: minTime, maxDate: +0, constrainInput: false, onClose: function(newDate, oldData) { diff --git a/web/skins/classic/views/js/montagereview.js.php b/web/skins/classic/views/js/montagereview.js.php index 526ce0bb5..d8850c06b 100644 --- a/web/skins/classic/views/js/montagereview.js.php +++ b/web/skins/classic/views/js/montagereview.js.php @@ -50,7 +50,6 @@ if ( !$liveMode ) { $event_id = $event['Id']; $EventsById[$event_id] = $event; } - $next_frames = array(); if ( $result = dbQuery($framesSql) ) { @@ -71,7 +70,7 @@ if ( !$liveMode ) { $event['FramesById'] += array($frame['Id']=>$frame); $next_frames[$frame['EventId']] = $frame; } - } + } // end if dbQuery $events_by_monitor_id = array(); @@ -203,6 +202,8 @@ echo " var numMonitors = $numMonitors; var minTimeSecs=parseInt($minTimeSecs); var maxTimeSecs=parseInt($maxTimeSecs); +var minTime='$minTime'; +var maxTime='$maxTime'; "; echo "var rangeTimeSecs=" . ( $maxTimeSecs - $minTimeSecs + 1) . ";\n"; if(isset($defaultCurrentTime)) From 7787ba1040d0ef5c65a8ac796b589c2be86d63f5 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Feb 2020 17:00:16 -0500 Subject: [PATCH 3/7] Fix adding auth string screwing up url to remote api in zmaControl and zmcControl --- web/includes/Monitor.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/web/includes/Monitor.php b/web/includes/Monitor.php index 3505e83db..63ffae27b 100644 --- a/web/includes/Monitor.php +++ b/web/includes/Monitor.php @@ -284,12 +284,12 @@ class Monitor extends ZM_Object { $url = $Server->UrlToApi().'/monitors/daemonControl/'.$this->{'Id'}.'/'.$mode.'/zmc.json'; if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == 'hashed' ) { - $url .= '?auth='.generateAuthHash( ZM_AUTH_HASH_IPS ); + $url .= '?auth='.generateAuthHash(ZM_AUTH_HASH_IPS); } elseif ( ZM_AUTH_RELAY == 'plain' ) { - $url = '?user='.$_SESSION['username']; - $url = '?pass='.$_SESSION['password']; + $url .= '?user='.$_SESSION['username']; + $url .= '?pass='.$_SESSION['password']; } elseif ( ZM_AUTH_RELAY == 'none' ) { - $url = '?user='.$_SESSION['username']; + $url .= '?user='.$_SESSION['username']; } } Logger::Debug("sending command to $url"); @@ -342,12 +342,12 @@ class Monitor extends ZM_Object { $url = ZM_BASE_PROTOCOL . '://'.$Server->Hostname().'/zm/api/monitors/daemonControl/'.$this->{'Id'}.'/'.$mode.'/zma.json'; if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == 'hashed' ) { - $url .= '?auth='.generateAuthHash( ZM_AUTH_HASH_IPS ); + $url .= '?auth='.generateAuthHash(ZM_AUTH_HASH_IPS); } elseif ( ZM_AUTH_RELAY == 'plain' ) { - $url = '?user='.$_SESSION['username']; - $url = '?pass='.$_SESSION['password']; + $url .= '?user='.$_SESSION['username']; + $url .= '?pass='.$_SESSION['password']; } elseif ( ZM_AUTH_RELAY == 'none' ) { - $url = '?user='.$_SESSION['username']; + $url .= '?user='.$_SESSION['username']; } } Logger::Debug("sending command to $url"); From 8fcd5b37ed2e32dd8aae57522d00fdf437a70131 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Feb 2020 17:12:48 -0500 Subject: [PATCH 4/7] API on remote server requires RELAY not be none. Log an error. Fix url being ruined by auth credentials --- web/includes/Event.php | 22 ++++++++++++---------- web/includes/Monitor.php | 14 ++++++++------ 2 files changed, 20 insertions(+), 16 deletions(-) diff --git a/web/includes/Event.php b/web/includes/Event.php index 7e038397a..340894379 100644 --- a/web/includes/Event.php +++ b/web/includes/Event.php @@ -511,11 +511,12 @@ class Event extends ZM_Object { if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == 'hashed' ) { $url .= '?auth='.generateAuthHash( ZM_AUTH_HASH_IPS ); - } elseif ( ZM_AUTH_RELAY == 'plain' ) { - $url = '?user='.$_SESSION['username']; - $url = '?pass='.$_SESSION['password']; - } elseif ( ZM_AUTH_RELAY == 'none' ) { - $url = '?user='.$_SESSION['username']; + } else if ( ZM_AUTH_RELAY == 'plain' ) { + $url .= '?user='.$_SESSION['username']; + $url .= '?pass='.$_SESSION['password']; + } else { + Error('Multi-Server requires AUTH_RELAY be either HASH or PLAIN'); + return; } } Logger::Debug("sending command to $url"); @@ -557,12 +558,13 @@ class Event extends ZM_Object { $url = $Server->UrlToApi() . '/events/'.$this->{'Id'}.'.json'; if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == 'hashed' ) { - $url .= '?auth='.generateAuthHash( ZM_AUTH_HASH_IPS ); + $url .= '?auth='.generateAuthHash(ZM_AUTH_HASH_IPS); } elseif ( ZM_AUTH_RELAY == 'plain' ) { - $url = '?user='.$_SESSION['username']; - $url = '?pass='.$_SESSION['password']; - } elseif ( ZM_AUTH_RELAY == 'none' ) { - $url = '?user='.$_SESSION['username']; + $url .= '?user='.$_SESSION['username']; + $url .= '?pass='.$_SESSION['password']; + } else { + Error('Multi-Server requires AUTH_RELAY be either HASH or PLAIN'); + return; } } Logger::Debug("sending command to $url"); diff --git a/web/includes/Monitor.php b/web/includes/Monitor.php index 63ffae27b..e2eee7ba9 100644 --- a/web/includes/Monitor.php +++ b/web/includes/Monitor.php @@ -285,11 +285,12 @@ class Monitor extends ZM_Object { if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == 'hashed' ) { $url .= '?auth='.generateAuthHash(ZM_AUTH_HASH_IPS); - } elseif ( ZM_AUTH_RELAY == 'plain' ) { + } else if ( ZM_AUTH_RELAY == 'plain' ) { $url .= '?user='.$_SESSION['username']; $url .= '?pass='.$_SESSION['password']; - } elseif ( ZM_AUTH_RELAY == 'none' ) { - $url .= '?user='.$_SESSION['username']; + } else { + Error('Multi-Server requires AUTH_RELAY be either HASH or PLAIN'); + return; } } Logger::Debug("sending command to $url"); @@ -343,11 +344,12 @@ class Monitor extends ZM_Object { if ( ZM_OPT_USE_AUTH ) { if ( ZM_AUTH_RELAY == 'hashed' ) { $url .= '?auth='.generateAuthHash(ZM_AUTH_HASH_IPS); - } elseif ( ZM_AUTH_RELAY == 'plain' ) { + } else if ( ZM_AUTH_RELAY == 'plain' ) { $url .= '?user='.$_SESSION['username']; $url .= '?pass='.$_SESSION['password']; - } elseif ( ZM_AUTH_RELAY == 'none' ) { - $url .= '?user='.$_SESSION['username']; + } else { + Error('Multi-Server requires AUTH_RELAY be either HASH or PLAIN'); + return; } } Logger::Debug("sending command to $url"); From c08ec996f7294fdcae6c4d0cbcf22d8d9758d900 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Feb 2020 18:12:25 -0500 Subject: [PATCH 5/7] Fix various aspects of the video generating page. Clean up and update code. Remove inline javascript. Fixes #2843 --- web/skins/classic/views/js/video.js | 9 +++-- web/skins/classic/views/js/video.js.php | 2 +- web/skins/classic/views/video.php | 48 ++++++++++++++----------- 3 files changed, 35 insertions(+), 24 deletions(-) diff --git a/web/skins/classic/views/js/video.js b/web/skins/classic/views/js/video.js index cfe2b2384..70b6c48ca 100644 --- a/web/skins/classic/views/js/video.js +++ b/web/skins/classic/views/js/video.js @@ -1,8 +1,10 @@ -function deleteVideo( index ) { +function deleteVideo( e ) { + index = e.getAttribute('data-file-index'); window.location.replace( thisUrl+'?view='+currentView+'&eid='+eventId+'&deleteIndex='+index ); } -function downloadVideo( index ) { +function downloadVideo( e ) { + index = e.getAttribute('data-file-index'); window.location.replace( thisUrl+'?view='+currentView+'&eid='+eventId+'&downloadIndex='+index ); } @@ -21,7 +23,8 @@ function generateVideoResponse( respObj, respText ) { window.location.replace( thisUrl+'?view='+currentView+'&eid='+eventId+'&generated='+((respObj.result=='Ok')?1:0) ); } -function generateVideo( form ) { +function generateVideo( ) { + form = $j('#contentForm')[0]; var parms = 'view=request&request=event&action=video'; parms += '&'+$(form).toQueryString(); var query = new Request.JSON( {url: thisUrl, method: 'post', data: parms, onSuccess: generateVideoResponse} ); diff --git a/web/skins/classic/views/js/video.js.php b/web/skins/classic/views/js/video.js.php index cd12fef7b..0ee2214f5 100644 --- a/web/skins/classic/views/js/video.js.php +++ b/web/skins/classic/views/js/video.js.php @@ -1,4 +1,4 @@ -var eventId = ''; +var eventId = 'Id() ?>'; var videoGenSuccessString = ''; var videoGenFailedString = ''; diff --git a/web/skins/classic/views/video.php b/web/skins/classic/views/video.php index ca4c46f4b..f2099a445 100644 --- a/web/skins/classic/views/video.php +++ b/web/skins/classic/views/video.php @@ -27,27 +27,25 @@ require_once('includes/Event.php'); $eid = validInt($_REQUEST['eid']); -$sql = 'SELECT E.*,M.Name AS MonitorName,M.DefaultRate,M.DefaultScale FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?'; -$sql_values = array($eid); +$event = new ZM\Event($eid); -if ( $user['MonitorIds'] ) { - $monitor_ids = explode(',', $user['MonitorIds']); - $sql .= ' AND MonitorId IN ('.implode(',', array_fill(0,count($monitor_ids),'?')).')'; - $sql_values = array_merge($sql_values, $monitor_ids); +if ( ! canView('Monitors', $event->MonitorId() ) ) { + $view = 'error'; + return; } -$event = dbFetchOne($sql, NULL, $sql_values); +$monitor = $event->Monitor(); if ( isset($_REQUEST['rate']) ) $rate = validInt($_REQUEST['rate']); else - $rate = reScale(RATE_BASE, $event['DefaultRate'], ZM_WEB_DEFAULT_RATE); + $rate = reScale(RATE_BASE, $monitor->DefaultRate(), ZM_WEB_DEFAULT_RATE); + if ( isset($_REQUEST['scale']) ) $scale = validInt($_REQUEST['scale']); else - $scale = reScale(SCALE_BASE, $event['DefaultScale'], ZM_WEB_DEFAULT_SCALE); + $scale = reScale(SCALE_BASE, $monitor->DefaultScale(), ZM_WEB_DEFAULT_SCALE); -$Event = new ZM\Event($event['Id']); -$eventPath = $Event->Path(); +$event_path = $event->Path(); $videoFormats = array(); $ffmpegFormats = preg_split('/\s+/', ZM_FFMPEG_FORMATS); @@ -63,9 +61,9 @@ foreach ( $ffmpegFormats as $ffmpegFormat ) { } $videoFiles = array(); -if ( $dir = opendir($eventPath) ) { +if ( $dir = opendir($event_path) ) { while ( ($file = readdir($dir)) !== false ) { - $file = $eventPath.'/'.$file; + $file = $event_path.'/'.$file; if ( is_file($file) ) { if ( preg_match('/\.(?:'.join('|', $videoFormats).')$/', $file) ) { $videoFiles[] = $file; @@ -85,6 +83,7 @@ if ( isset($_REQUEST['downloadIndex']) ) { // can't be output buffering, as this file might be large ob_end_clean(); $downloadIndex = validInt($_REQUEST['downloadIndex']); + ZM\Error("Download $downloadIndex, file: " . $videoFiles[$downloadIndex]); header('Pragma: public'); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); @@ -124,7 +123,7 @@ if ( isset($_REQUEST['showIndex']) ) { } else { ?>
- + @@ -145,7 +144,9 @@ if ( isset($_REQUEST['showIndex']) ) {
- disabled="disabled"/> +
Width(), $scale):$event->Width(); + $height = $scale?reScale($event->Height(), $scale):$event->Height(); ?> -  /  /  + + Id().'&width='.$width.'&height='.$height.'&showIndex='.$index, 'zmVideo'.$event->Id().'-'.$scale, array('videoview', $width, $height), translate('View') ); ?> +  /  + +  /  + + From a34af39ca72a5d13c6d375f95e1bfdcc016ac31f Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Feb 2020 18:11:07 -0500 Subject: [PATCH 6/7] Fix logging line in generate video function --- web/includes/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/includes/functions.php b/web/includes/functions.php index 8086e77df..819ac2abf 100644 --- a/web/includes/functions.php +++ b/web/includes/functions.php @@ -937,7 +937,7 @@ function createVideo($event, $format, $rate, $scale, $overwrite=false) { $command .= ' -o'; $command = escapeshellcmd($command); $result = exec($command, $output, $status); -Logger::Debug("generating Video $command: result($result outptu:(".implode("\n", $output )." status($status"); + ZM\Logger::Debug("generating Video $command: result($result outptu:(".implode("\n", $output )." status($status"); return $status ? '' : rtrim($result); } From 0c70c5c2a4cba7bb9e73d64692591e41657cdec1 Mon Sep 17 00:00:00 2001 From: Isaac Connor Date: Tue, 25 Feb 2020 18:13:42 -0500 Subject: [PATCH 7/7] Save value of V4LMultiBuffer and fix it not being checked for the Use Config Value --- web/includes/actions/monitor.php | 4 ++-- web/skins/classic/views/monitor.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/web/includes/actions/monitor.php b/web/includes/actions/monitor.php index f1223a6f9..94e527e29 100644 --- a/web/includes/actions/monitor.php +++ b/web/includes/actions/monitor.php @@ -33,12 +33,11 @@ if ( $action == 'monitor' ) { if ( !$x10Monitor ) $x10Monitor = array(); } - if ( !canEdit('Monitors',$mid) ) { + if ( !canEdit('Monitors', $mid) ) { ZM\Warning('You do not have permission to edit this monitor'); return; } } else { - #$monitor = array(); if ( ZM_OPT_X10 ) { $x10Monitor = array(); } @@ -58,6 +57,7 @@ if ( $action == 'monitor' ) { 'Enabled' => 0, 'Exif' => 0, 'RTSPDescribe' => 0, + 'V4LMultiBuffer' => '', 'RecordAudio' => 0, 'Method' => 'raw', 'GroupIds' => array(), diff --git a/web/skins/classic/views/monitor.php b/web/skins/classic/views/monitor.php index 055a955fa..928bffc13 100644 --- a/web/skins/classic/views/monitor.php +++ b/web/skins/classic/views/monitor.php @@ -774,7 +774,7 @@ switch ( $tab ) { V4LMultiBuffer() == '0' ? 'checked="checked"' : '' ) ?>/> - V4LMultiBuffer() ? 'checked="checked"' : '' ) ?>/> + V4LMultiBuffer() == '' ? 'checked="checked"' : '' ) ?>/>