From eaab76d0756fe2239163f59c610fb85933f1c5e8 Mon Sep 17 00:00:00 2001
From: stan <stan@e3e1d417-86f3-4887-817a-d78f3d33393f>
Date: Sun, 10 Feb 2008 22:13:16 +0000
Subject: [PATCH] Bug 448 - Fixed some references to old style filter
 constructs.

git-svn-id: http://svn.zoneminder.com/svn/zm/trunk@2293 e3e1d417-86f3-4887-817a-d78f3d33393f
---
 web/zm_funcs.php              | 26 ++++++++++----------
 web/zm_html_view_event.php    | 46 +++++++++++++++++------------------
 web/zm_html_view_timeline.php |  7 ------
 web/zm_xhtml_view_event.php   | 18 +++++++-------
 web/zm_xhtml_view_events.php  | 12 ++++-----
 5 files changed, 51 insertions(+), 58 deletions(-)

diff --git a/web/zm_funcs.php b/web/zm_funcs.php
index 51c974a72..2ccda8759 100644
--- a/web/zm_funcs.php
+++ b/web/zm_funcs.php
@@ -1218,20 +1218,20 @@ function parseFilter( &$filter, $save_to_session=false, $term_sep='&' )
 		{
 			if ( isset($filter['terms'][$i]['cnj']) )
 			{
-				$filter['query'] .= $term_sep."filter[terms][$i][cnj]=".$filter['terms'][$i]['cnj'];
+				$filter['query'] .= $term_sep."filter[terms][$i][cnj]=".urlencode($filter['terms'][$i]['cnj']);
 				$filter['sql'] .= " ".$filter['terms'][$i]['cnj']." ";
-				$filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][$i][cnj]\" value=\"".$filter['terms'][$i]['cnj']."\"/>\n";
+				$filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][$i][cnj]\" value=\"".htmlspecialchars($filter['terms'][$i]['cnj'])."\"/>\n";
 			}
 			if ( isset($filter['terms'][$i]['obr']) )
 			{
-				$filter['query'] .= $term_sep."filter[terms][$i][obr]=".$filter['terms'][$i]['obr'];
+				$filter['query'] .= $term_sep."filter[terms][$i][obr]=".urlencode($filter['terms'][$i]['obr']);
 				$filter['sql'] .= " ".str_repeat( "(", $filter['terms'][$i]['obr'] )." ";
-				$filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][$i][obr]\" value=\"".$filter['terms'][$i]['obr']."\"/>\n";
+				$filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][$i][obr]\" value=\"".htmlspecialchars($filter['terms'][$i]['obr'])."\"/>\n";
 			}
 			if ( isset($filter['terms'][$i]['attr']) )
 			{
-				$filter['query'] .= $term_sep."filter[terms][$i][attr]=".$filter['terms'][$i]['attr'];
-				$filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][$i][attr]\" value=\"".$filter['terms'][$i]['attr']."\"/>\n";
+				$filter['query'] .= $term_sep."filter[terms][$i][attr]=".urlencode($filter['terms'][$i]['attr']);
+				$filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][$i][attr]\" value=\"".htmlspecialchars($filter['terms'][$i]['attr'])."\"/>\n";
 				switch ( $filter['terms'][$i]['attr'] )
 				{
 					case 'MonitorName':
@@ -1282,7 +1282,7 @@ function parseFilter( &$filter, $save_to_session=false, $term_sep='&' )
 						case 'Name':
 						case 'Cause':
 						case 'Notes':
-							$value = "'$value'";
+							$value = "'".dbEscape($value)."'";
 							break;
 						case 'DateTime':
 							$value = "'".strftime( STRF_FMT_DATETIME_DB, strtotime( $value ) )."'";
@@ -1321,16 +1321,16 @@ function parseFilter( &$filter, $save_to_session=false, $term_sep='&' )
 						break;
 				}
 
-				$filter['query'] .= $term_sep."filter[terms][$i][op]=".$filter['terms'][$i]['op'];
-				$filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][$i][op]\" value=\"".$filter['terms'][$i]['op']."\"/>\n";
-				$filter['query'] .= $term_sep."filter[terms][$i][val]=".urlencode($filter['terms'][$i]['val']);
-				$filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][$i][val]\" value=\"".$filter['terms'][$i]['val']."\"/>\n";
+				$filter['query'] .= $term_sep."filter[terms][$i][op]=".urlencode($filter['terms'][$i]['op']);
+				$filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][$i][op]\" value=\"".htmlspecialchars($filter['terms'][$i]['op'])."\"/>\n";
+				$filter['query'] .= $term_sep."filter[terms][$i][val]=".urlencode(urlencode($filter['terms'][$i]['val']));
+				$filter['fields'] .= "<input type=\"hidden\" name=\"filter[terms][$i][val]\" value=\"".htmlspecialchars($filter['terms'][$i]['val'])."\"/>\n";
 			}
 			if ( isset($filter['terms'][$i]['cbr']) )
 			{
-				$filter['query'] .= $term_sep."filter[terms][$i][cbr]=".$filter['terms'][$i]['cbr'];
+				$filter['query'] .= $term_sep."filter[terms][$i][cbr]=".urlencode($filter['terms'][$i]['cbr']);
 				$filter['sql'] .= " ".str_repeat( ")", $filter['terms'][$i]['cbr'] )." ";
-				$filter['fields'] .= "<input type=\"hidden\" \"name=filter[terms][$i][cbr]\" value=\"".$filter['terms'][$i]['cbr']."\"/>\n";
+				$filter['fields'] .= "<input type=\"hidden\" \"name=filter[terms][$i][cbr]\" value=\"".htmlspecialchars($filter['terms'][$i]['cbr'])."\"/>\n";
 			}
 		}
         if ( $filter['sql'] )
diff --git a/web/zm_html_view_event.php b/web/zm_html_view_event.php
index d525208fc..768408700 100644
--- a/web/zm_html_view_event.php
+++ b/web/zm_html_view_event.php
@@ -46,7 +46,7 @@ $event = dbFetchOne( $sql );
 parseSort();
 parseFilter( $filter );
 
-$sql = "select E.* from Events as E inner join Monitors as M on E.MonitorId = M.Id where $sort_column ".($sort_order=='asc'?'<=':'>=')." '".$event[preg_replace( '/^.*\./', '', $sort_column )]."'$filter_sql$mid_sql order by $sort_column ".($sort_order=='asc'?'desc':'asc');
+$sql = "select E.* from Events as E inner join Monitors as M on E.MonitorId = M.Id where $sort_column ".($sort_order=='asc'?'<=':'>=')." '".$event[preg_replace( '/^.*\./', '', $sort_column )]."'".$filter['sql'].$mid_sql." order by $sort_column ".($sort_order=='asc'?'desc':'asc')." limit 100";
 $result = dbQuery( $sql );
 foreach( dbFetchAll( $sql ) as $row )
 while ( $row = dbFetchNext( $result ) )
@@ -58,7 +58,7 @@ while ( $row = dbFetchNext( $result ) )
     }
 }
 
-$sql = "select E.* from Events as E inner join Monitors as M on E.MonitorId = M.Id where $sort_column ".($sort_order=='asc'?'>=':'<=')." '".$event[preg_replace( '/^.*\./', '', $sort_column )]."'$filter_sql$mid_sql order by $sort_column $sort_order";
+$sql = "select E.* from Events as E inner join Monitors as M on E.MonitorId = M.Id where $sort_column ".($sort_order=='asc'?'>=':'<=')." '".$event[preg_replace( '/^.*\./', '', $sort_column )]."'".$filter['sql'].$mid_sql." order by $sort_column $sort_order limit 100";
 $result = dbQuery( $sql );
 while ( $row = dbFetchNext( $result ) )
 {
@@ -208,7 +208,7 @@ if ( $mode == "stream" )
 <input type="hidden" name="action" value="rename">
 <input type="hidden" name="mode" value="<?= $mode ?>">
 <input type="hidden" name="eid" value="<?= $eid ?>">
-<?= $filter_fields ?>
+<?= $filter['fields'] ?>
 <input type="hidden" name="sort_field" value="<?= $sort_field ?>">
 <input type="hidden" name="sort_asc" value="<?= $sort_asc ?>">
 <input type="hidden" name="limit" value="<?= $limit ?>">
@@ -234,7 +234,7 @@ Learn Pref:&nbsp;<select name="learn_state" class="form" onChange="learn_form.su
 <input type="hidden" name="mode" value="<?= $mode ?>">
 <input type="hidden" name="page" value="<?= $page ?>">
 <input type="hidden" name="eid" value="<?= $eid ?>">
-<?= $filter_fields ?>
+<?= $filter['fields'] ?>
 <input type="hidden" name="sort_field" value="<?= $sort_field ?>">
 <input type="hidden" name="sort_asc" value="<?= $sort_asc ?>">
 <input type="hidden" name="limit" value="<?= $limit ?>">
@@ -249,24 +249,24 @@ Learn Pref:&nbsp;<select name="learn_state" class="form" onChange="learn_form.su
 <?php if ( $mode == "stream" ) { ?>
 <td align="center" class="text"><a href="javascript: refreshWindow();"><?= $zmSlangReplay ?></a></td>
 <?php } elseif ( $paged && !empty($page) ) { ?>
-<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter_query ?><?= $sort_query ?>&page=0"><?= $zmSlangAll ?></a></td>
+<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter['query'] ?><?= $sort_query ?>&page=0"><?= $zmSlangAll ?></a></td>
 <?php } elseif ( $paged && empty($page) ) { ?>
-<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter_query ?><?= $sort_query ?>&page=1"><?= $zmSlangPaged ?></a></td>
+<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter['query'] ?><?= $sort_query ?>&page=1"><?= $zmSlangPaged ?></a></td>
 <?php } ?>
 <?php if ( canEdit( 'Events' ) ) { ?><td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=none&action=delete&mark_eid=<?= $eid ?>"><?= $zmSlangDelete ?></a></td><?php } ?>
 <?php if ( canEdit( 'Events' ) ) { ?><td align="center" class="text"><a href="javascript: newWindow( '<?= $PHP_SELF ?>?view=eventdetail&eid=<?= $eid ?>', 'zmEventDetail', <?= $jws['eventdetail']['w'] ?>, <?= $jws['eventdetail']['h'] ?> )"><?= $zmSlangEdit ?></a></td><?php } ?>
 <?php if ( canView( 'Events' ) ) { ?><td align="center" class="text"><a href="javascript: newWindow( '<?= $PHP_SELF ?>?view=export&eid=<?= $eid ?>', 'zmExport', <?= $jws['export']['w'] ?>, <?= $jws['export']['h'] ?> )"><?= $zmSlangExport ?></a></td><?php } ?>
 <?php if ( canEdit( 'Events' ) ) { ?>
 <?php if ( $event['Archived'] ) { ?>
-<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&action=unarchive&eid=<?= $eid ?><?= $filter_query ?><?= $sort_query ?>"><?= $zmSlangUnarchive ?></a></td>
+<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&action=unarchive&eid=<?= $eid ?><?= $filter['query'] ?><?= $sort_query ?>"><?= $zmSlangUnarchive ?></a></td>
 <?php } else { ?>
-<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&action=archive&eid=<?= $eid ?><?= $filter_query ?><?= $sort_query ?>"><?= $zmSlangArchive ?></a></td>
+<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&action=archive&eid=<?= $eid ?><?= $filter['query'] ?><?= $sort_query ?>"><?= $zmSlangArchive ?></a></td>
 <?php } ?>
 <?php } ?>
 <?php if ( $mode == "stream" ) { ?>
-<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter_query ?><?= $sort_query ?>&page=1"><?= $zmSlangStills ?></a></td>
+<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter['query'] ?><?= $sort_query ?>&page=1"><?= $zmSlangStills ?></a></td>
 <?php } elseif ( canStream() ) { ?>
-<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=event&mode=stream&eid=<?= $eid ?><?= $filter_query ?><?= $sort_query ?>"><?= $zmSlangStream ?></a></td>
+<td align="center" class="text"><a href="<?= $PHP_SELF ?>?view=event&mode=stream&eid=<?= $eid ?><?= $filter['query'] ?><?= $sort_query ?>"><?= $zmSlangStream ?></a></td>
 <?php } ?>
 <?php if ( ZM_OPT_MPEG != "no" ) { ?>
 <td align="center" class="text"><a href="javascript: newWindow( '<?= $PHP_SELF ?>?view=video&eid=<?= $eid ?>', 'zmVideo', <?= $jws['video']['w']+$event['Width'] ?>, <?= $jws['video']['h']+$event['Height'] ?> );"><?= $zmSlangVideo ?></a></td>
@@ -294,11 +294,11 @@ if ( $mode == "still" && $paged && !empty($page) )
         if ( false && $page > 2 )
         {
 ?>
-<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter_query ?><?= $sort_query ?>&page=1">&lt;&lt;</a>&nbsp;
+<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter['query'] ?><?= $sort_query ?>&page=1">&lt;&lt;</a>&nbsp;
 <?php
         }
 ?>
-<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter_query ?><?= $sort_query ?>&page=<?= $page - 1 ?>">&lt;</a>&nbsp;
+<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter['query'] ?><?= $sort_query ?>&page=<?= $page - 1 ?>">&lt;</a>&nbsp;
 <?php
         $new_pages = array();
         $pages_used = array();
@@ -319,7 +319,7 @@ if ( $mode == "still" && $paged && !empty($page) )
         foreach ( $new_pages as $new_page )
         {
 ?>
-<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter_query ?><?= $sort_query ?>&page=<?= $new_page ?>"><?= $new_page ?></a>&nbsp;
+<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter['query'] ?><?= $sort_query ?>&page=<?= $new_page ?>"><?= $new_page ?></a>&nbsp;
 <?php
         }
     }
@@ -347,16 +347,16 @@ if ( $mode == "still" && $paged && !empty($page) )
         foreach ( $new_pages as $new_page )
         {
 ?>
-&nbsp;<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter_query ?><?= $sort_query ?>&page=<?= $new_page ?>"><?= $new_page ?></a>
+&nbsp;<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter['query'] ?><?= $sort_query ?>&page=<?= $new_page ?>"><?= $new_page ?></a>
 <?php
         }
 ?>
-&nbsp;<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter_query ?><?= $sort_query ?>&page=<?= $page + 1 ?>">&gt;</a>
+&nbsp;<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter['query'] ?><?= $sort_query ?>&page=<?= $page + 1 ?>">&gt;</a>
 <?php
         if ( false && $page < ($pages-1) )
         {
 ?>
-&nbsp;<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter_query ?><?= $sort_query ?>&page=<?= $pages ?>">&gt;&gt;</a>
+&nbsp;<a href="<?= $PHP_SELF ?>?view=event&mode=still&eid=<?= $eid ?>&scale=<?= $scale ?><?= $filter['query'] ?><?= $sort_query ?>&page=<?= $pages ?>">&gt;&gt;</a>
 <?php
         }
     }
@@ -423,7 +423,7 @@ if ( $mode == "stream" )
             }
             $title = "+".(int)round(($i * $frame_data['Duration'])/$panel_sections)."s";
 ?>
-<div class="Section" id="PanelSection<?= $i ?>" title="<?= $title ?>" style="width: <?= $section_width ?>px; left: <?= $section_offset ?>px; background-color: <?= $section_color ?>;<?= $divider ?>" onClick="window.location='<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $event['Id'] ?>&fid=<?= $start_frame ?><?= $filter_query ?><?= $sort_query ?>&limit=<?= $limit ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>'"></div>
+<div class="Section" id="PanelSection<?= $i ?>" title="<?= $title ?>" style="width: <?= $section_width ?>px; left: <?= $section_offset ?>px; background-color: <?= $section_color ?>;<?= $divider ?>" onClick="window.location='<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $event['Id'] ?>&fid=<?= $start_frame ?><?= $filter['query'] ?><?= $sort_query ?>&limit=<?= $limit ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>'"></div>
 <?php
         }
 ?>
@@ -480,11 +480,11 @@ else
 ?>
 <tr>
 <td><table width="100%" cellpadding="0" cellspacing="0" border="0"><tr>
-<td width="20%" align="center" class="text"><?php if ( $prev_event ) { ?><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $prev_event['Id'] ?><?= $filter_query ?><?= $sort_query ?>&limit=<?= $limit ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>"><?= $zmSlangPrev ?></a><?php } else { ?>&nbsp;<?php } ?></td>
-<td width="20%" align="center" class="text"><?php if ( canEdit( 'Events' ) && $prev_event ) { ?><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $prev_event['Id'] ?><?= $filter_query ?><?= $sort_query ?>&limit=<?= $limit ?>&action=delete&mark_eid=<?= $eid ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>"><?= $zmSlangDeleteAndPrev ?></a><?php } else { ?>&nbsp;<?php } ?></td>
-<td width="20%" align="center" class="text"><?php if ( $mode == "stream" ) { if ( $play && $next_event ) { ?><a href="javascript: window.clearTimeout( timeout_id );"><?= $zmSlangStop ?></a><?php } elseif ( $next_event ) { ?><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $eid ?><?= $filter_query ?><?= $sort_query ?>&limit=<?= $limit ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>&play=1"><?= $zmSlangPlayAll ?></a><?php } else { ?>&nbsp;<?php } } else { ?>&nbsp;<?php } ?></td>
-<td width="20%" align="center" class="text"><?php if ( canEdit( 'Events' ) && $next_event ) { ?><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $next_event['Id'] ?><?= $filter_query ?><?= $sort_query ?>&limit=<?= $limit ?>&action=delete&mark_eid=<?= $eid ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>"><?= $zmSlangDeleteAndNext ?></a><?php } else { ?>&nbsp;<?php } ?></td>
-<td width="20%" align="center" class="text"><?php if ( $next_event ) { ?><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $next_event['Id'] ?><?= $filter_query ?><?= $sort_query ?>&limit=<?= $limit ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>"><?= $zmSlangNext ?></a><?php } else { ?>&nbsp;<?php } ?></td>
+<td width="20%" align="center" class="text"><?php if ( $prev_event ) { ?><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $prev_event['Id'] ?><?= $filter['query'] ?><?= $sort_query ?>&limit=<?= $limit ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>"><?= $zmSlangPrev ?></a><?php } else { ?>&nbsp;<?php } ?></td>
+<td width="20%" align="center" class="text"><?php if ( canEdit( 'Events' ) && $prev_event ) { ?><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $prev_event['Id'] ?><?= $filter['query'] ?><?= $sort_query ?>&limit=<?= $limit ?>&action=delete&mark_eid=<?= $eid ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>"><?= $zmSlangDeleteAndPrev ?></a><?php } else { ?>&nbsp;<?php } ?></td>
+<td width="20%" align="center" class="text"><?php if ( $mode == "stream" ) { if ( $play && $next_event ) { ?><a href="javascript: window.clearTimeout( timeout_id );"><?= $zmSlangStop ?></a><?php } elseif ( $next_event ) { ?><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $eid ?><?= $filter['query'] ?><?= $sort_query ?>&limit=<?= $limit ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>&play=1"><?= $zmSlangPlayAll ?></a><?php } else { ?>&nbsp;<?php } } else { ?>&nbsp;<?php } ?></td>
+<td width="20%" align="center" class="text"><?php if ( canEdit( 'Events' ) && $next_event ) { ?><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $next_event['Id'] ?><?= $filter['query'] ?><?= $sort_query ?>&limit=<?= $limit ?>&action=delete&mark_eid=<?= $eid ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>"><?= $zmSlangDeleteAndNext ?></a><?php } else { ?>&nbsp;<?php } ?></td>
+<td width="20%" align="center" class="text"><?php if ( $next_event ) { ?><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $next_event['Id'] ?><?= $filter['query'] ?><?= $sort_query ?>&limit=<?= $limit ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>"><?= $zmSlangNext ?></a><?php } else { ?>&nbsp;<?php } ?></td>
 </tr></table></td>
 </tr>
 </table>
@@ -497,7 +497,7 @@ if ( $mode == "stream" )
     if ( $play && $next_event )
     {
 ?>
-var timeout_id = window.setTimeout( "window.location.replace( '<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $next_event['Id'] ?><?= $filter_query ?><?= $sort_query ?>&limit=<?= $limit ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>&play=1' );", <?= ($frame_data['RealDuration']+1)*1000 ?> );
+var timeout_id = window.setTimeout( "window.location.replace( '<?= $PHP_SELF ?>?view=<?= $view ?>&mode=<?= $mode ?>&eid=<?= $next_event['Id'] ?><?= $filter['query'] ?><?= $sort_query ?>&limit=<?= $limit ?>&page=<?= $page ?>&rate=<?= $rate ?>&scale=<?= $scale ?>&play=1' );", <?= ($frame_data['RealDuration']+1)*1000 ?> );
 <?php
     }
     $start_section = 0;
diff --git a/web/zm_html_view_timeline.php b/web/zm_html_view_timeline.php
index 3b3d0a66c..73a437040 100644
--- a/web/zm_html_view_timeline.php
+++ b/web/zm_html_view_timeline.php
@@ -213,14 +213,9 @@ if ( isset($min_time) && isset($max_time) )
 }
 else
 {
-	//$filter_query = parseTreeToQuery( $tree );
-	//echo $filter_query;
-	//echo '<br>';
 	$filter_sql = parseTreeToSQL( $tree );
 	$temp_min_time = $temp_max_time = $temp_expandable = false;
 	extractDatetimeRange( $tree, $temp_min_time, $temp_max_time, $temp_expandable );
-	//echo $filter_sql;
-	//echo '<br>';
 
 	if ( $filter_sql )
 	{
@@ -265,8 +260,6 @@ if ( $tree )
     {
 	    $filter_query = '&'.$filter_query;
     }
-    //echo $filter_query;
-    //echo '<br>';
 }
 
 $scales = array(
diff --git a/web/zm_xhtml_view_event.php b/web/zm_xhtml_view_event.php
index 6b53999f6..643afe18c 100644
--- a/web/zm_xhtml_view_event.php
+++ b/web/zm_xhtml_view_event.php
@@ -54,7 +54,7 @@ elseif ( isset( $fid ) )
 parseSort( true, '&amp;' );
 parseFilter( true, '&amp;' );
 
-$sql = "select E.* from Events as E inner join Monitors as M on E.MonitorId = M.Id where $sort_column ".($sort_order=='asc'?'<=':'>=')." '".$event[$sort_field]."'$filter_sql$mid_sql order by $sort_column ".($sort_order=='asc'?'desc':'asc');
+$sql = "select E.* from Events as E inner join Monitors as M on E.MonitorId = M.Id where $sort_column ".($sort_order=='asc'?'<=':'>=')." '".$event[$sort_field]."'".$filter['sql'].$mid_sql". order by $sort_column ".($sort_order=='asc'?'desc':'asc');
 $result = dbQuery( $sql );
 while ( $row = dbFetchNext( $result ) )
 {
@@ -65,7 +65,7 @@ while ( $row = dbFetchNext( $result ) )
 	}
 }
 
-$sql = "select E.* from Events as E inner join Monitors as M on E.MonitorId = M.Id where $sort_column ".($sort_order=='asc'?'>=':'<=')." '".$event[$sort_field]."'$filter_sql$mid_sql order by $sort_column $sort_order";
+$sql = "select E.* from Events as E inner join Monitors as M on E.MonitorId = M.Id where $sort_column ".($sort_order=='asc'?'>=':'<=')." '".$event[$sort_field]."'".$filter['sql'].$mid_sql." order by $sort_column $sort_order";
 $result = dbQuery( $sql );
 while ( $row = dbFetchNext( $result ) )
 {
@@ -91,7 +91,7 @@ $paged = $event['Frames'] > $frames_per_page;
 <table style="width: 100%">
 <tr>
 <td align="left"><?= makeLink( "$PHP_SELF?view=eventdetails&amp;eid=$eid", $event['Name'].($event['Archived']?'*':''), canEdit( 'Events' ) ) ?></td>
-<td align="right"><?php if ( canEdit( 'Events' ) ) { ?><a href="<?= $PHP_SELF ?>?view=events&amp;action=delete&amp;mark_eid=<?= $eid ?><?= $filter_query ?><?= $sort_query ?>&amp;limit=<?= $limit ?>&amp;page=<?= $page ?>"><?= $zmSlangDelete ?></a><?php } else { ?>&nbsp;<?php } ?></td>
+<td align="right"><?php if ( canEdit( 'Events' ) ) { ?><a href="<?= $PHP_SELF ?>?view=events&amp;action=delete&amp;mark_eid=<?= $eid ?><?= $filter['query'] ?><?= $sort_query ?>&amp;limit=<?= $limit ?>&amp;page=<?= $page ?>"><?= $zmSlangDelete ?></a><?php } else { ?>&nbsp;<?php } ?></td>
 </tr>
 </table>
 <?php
@@ -117,11 +117,11 @@ if ( $paged && !empty($page) )
 		if ( false && $page > 2 )
 		{
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter_query ?><?= $sort_query ?>&amp;page=1">&lt;&lt;</a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=1">&lt;&lt;</a></td>
 <?php
 		}
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter_query ?><?= $sort_query ?>&amp;page=<?= $page-1 ?>">&lt;</a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=<?= $page-1 ?>">&lt;</a></td>
 <?php
 		$new_pages = array();
 		$pages_used = array();
@@ -142,7 +142,7 @@ if ( $paged && !empty($page) )
 		foreach ( $new_pages as $new_page )
 		{
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter_query ?><?= $sort_query ?>&amp;page=<?= $new_page ?>"><?= $new_page ?></a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=<?= $new_page ?>"><?= $new_page ?></a></td>
 <?php
 		}
 	}
@@ -170,16 +170,16 @@ if ( $paged && !empty($page) )
 		foreach ( $new_pages as $new_page )
 		{
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter_query ?><?= $sort_query ?>&amp;page=<?= $new_page ?>"><?= $new_page ?></a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=<?= $new_page ?>"><?= $new_page ?></a></td>
 <?php
 		}
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter_query ?><?= $sort_query ?>&amp;page=<?= $page+1 ?>">&gt;</a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=<?= $page+1 ?>">&gt;</a></td>
 <?php
 		if ( false && $page < ($pages-1) )
 		{
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter_query ?><?= $sort_query ?>&amp;page=<?= $pages ?>">&gt;&gt;</a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=event&amp;mode=still&amp;eid=<?= $eid ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=<?= $pages ?>">&gt;&gt;</a></td>
 <?php
 		}
 	}
diff --git a/web/zm_xhtml_view_events.php b/web/zm_xhtml_view_events.php
index 77cf129f4..bcf4e870b 100644
--- a/web/zm_xhtml_view_events.php
+++ b/web/zm_xhtml_view_events.php
@@ -132,11 +132,11 @@ if ( !empty($limit) && $n_events > $limit )
 				if ( false && $page > 2 )
 				{
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter_query ?><?= $sort_query ?>&amp;page=1">&lt;&lt;</a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=1">&lt;&lt;</a></td>
 <?php
 				}
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter_query ?><?= $sort_query ?>&amp;page=<?= $page-1 ?>">&lt;</a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=<?= $page-1 ?>">&lt;</a></td>
 <?php
 				$new_pages = array();
 				$pages_used = array();
@@ -157,7 +157,7 @@ if ( !empty($limit) && $n_events > $limit )
 				foreach ( $new_pages as $new_page )
 				{
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter_query ?><?= $sort_query ?>&amp;page=<?= $new_page ?>"><?= $new_page ?></a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=<?= $new_page ?>"><?= $new_page ?></a></td>
 <?php
 				}
 			}
@@ -185,16 +185,16 @@ if ( !empty($limit) && $n_events > $limit )
 				foreach ( $new_pages as $new_page )
 				{
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter_query ?><?= $sort_query ?>&amp;page=<?= $new_page ?>"><?= $new_page ?></a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=<?= $new_page ?>"><?= $new_page ?></a></td>
 <?php
 				}
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter_query ?><?= $sort_query ?>&amp;page=<?= $page+1 ?>">&gt;</a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=<?= $page+1 ?>">&gt;</a></td>
 <?php
 				if ( false && $page < ($pages-1) )
 				{
 ?>
-<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter_query ?><?= $sort_query ?>&amp;page=<?= $pages ?>">&gt;&gt;</a></td>
+<td align="center"><a href="<?= $PHP_SELF ?>?view=<?= $view ?>&amp;limit=<?= $limit ?><?= $filter['query'] ?><?= $sort_query ?>&amp;page=<?= $pages ?>">&gt;&gt;</a></td>
 <?php
 				}
 			}