From f09941ed4852fd14279938ff472e5b328a96e173 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Thu, 15 Aug 2019 15:16:02 -0400
Subject: [PATCH 1/4] timezone errors shouldn't be fatal
---
 web/includes/functions.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/web/includes/functions.php b/web/includes/functions.php
index 65633a04d..2524ef65f 100644
--- a/web/includes/functions.php
+++ b/web/includes/functions.php
@@ -2400,13 +2400,13 @@ function check_timezone() {
 #");
 if ( $sys_tzoffset != $php_tzoffset )
- ZM\Fatal("ZoneMinder is not installed properly: php's date.timezone does not match the system timezone!");
+ ZM\Error("ZoneMinder is not installed properly: php's date.timezone does not match the system timezone!");
 if ( $sys_tzoffset != $mysql_tzoffset )
 ZM\Error("ZoneMinder is not installed properly: mysql's timezone does not match the system timezone! Event lists will display incorrect times.");
 if (!ini_get('date.timezone') || !date_default_timezone_set(ini_get('date.timezone')))
- ZM\Fatal( "ZoneMinder is not installed properly: php's date.timezone is not set to a valid timezone" );
+ ZM\Error("ZoneMinder is not installed properly: php's date.timezone is not set to a valid timezone");
 }
From 1103928ed73748a6d1d6f597fb583490186481a9 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Thu, 15 Aug 2019 15:16:20 -0400
Subject: [PATCH 2/4] only call check_timezone on console for efficiency in all other requests
---
 web/index.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/web/index.php b/web/index.php
index a4f6160d4..11207f02a 100644
--- a/web/index.php
+++ b/web/index.php
@@ -77,8 +77,6 @@ if ( $_SERVER['REQUEST_METHOD'] == 'OPTIONS' ) {
 return;
 }
-// Verify the system, php, and mysql timezones all match
-check_timezone();
 if ( isset($_GET['skin']) ) {
 $skin = $_GET['skin'];
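Review bot: With both `ZM\Fatal` calls in this hunk downgraded to `ZM\Error`, `check_timezone` now returns normally after the last `if`, so the request proceeds with the timezone that was already in effect (`date_default_timezone_set` leaves the setting untouched when it returns false) and every later date is rendered against that, which is the trade-off the commit title announces but the code does not record. A one-line comment above the final `if`, `// Not fatal: the page is still served, but dates may be shown in the wrong timezone`, would make that visible to the next reader. The body of `check_timezone` begins before this hunk.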
@@ -169,6 +167,7 @@ $view = null;
 if ( isset($_REQUEST['view']) )
 $view = detaintPath($_REQUEST['view']);
+
 # Add CSP Headers
 $cspNonce = bin2hex(openssl_random_pseudo_bytes(16));
@@ -193,6 +192,11 @@ isset($view) || $view = NULL;
 isset($request) || $request = NULL;
 isset($action) || $action = NULL;
+if ( (!$view and !$request) or ($view == 'console') ) {
+ // Verify the system, php, and mysql timezones all match
+ check_timezone();
+}
+
 ZM\Logger::Debug("View: $view Request: $request Action: $action User: " . ( isset($user) ? $user['Username'] : 'none' ));
 if ( ZM_ENABLE_CSRF_MAGIC &&
From 68052368f7c5b8913c26757b664ad6fcfd5d0fe7 Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Thu, 15 Aug 2019 16:04:37 -0400
Subject: [PATCH 3/4] use backticks on table and column names. Use data-on-change-this in group dropdown
---
 web/includes/Group.php | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/web/includes/Group.php b/web/includes/Group.php
index c188b553f..a2ad252cd 100644
--- a/web/includes/Group.php
+++ b/web/includes/Group.php
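Review bot: The added guard in the second hunk compares `$view == 'console'` loosely, although `$view` is a string produced by `detaintPath($_REQUEST['view'])` just above, so a strict comparison states the intent and avoids PHP's loose-comparison rules: `if ( (!$view && !$request) || $view === 'console' ) {`. The `and`/`or` keywords bind lower than `=` and `&&`/`||`; they are harmless inside the parentheses here but the rest of this file uses the symbol forms. The comment on the new block could also say why the check is restricted, e.g. `// Only the console verifies timezones; other requests skip it for speed`, since a mismatch now goes unreported on every non-console request.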
@@ -118,13 +118,13 @@ class Group extends ZM_Object {
 if ( is_array($group_id) ) {
 $group_id_sql_part = ' IN ('.implode(',', array_map(function(){return '?';}, $group_id ) ).')';
- $MonitorIds = dbFetchAll('SELECT MonitorId FROM Groups_Monitors WHERE GroupId'.$group_id_sql_part, 'MonitorId', $group_id);
+ $MonitorIds = dbFetchAll('SELECT `MonitorId` FROM `Groups_Monitors` WHERE `GroupId`'.$group_id_sql_part, 'MonitorId', $group_id);
- $MonitorIds = array_merge($MonitorIds, dbFetchAll('SELECT MonitorId FROM Groups_Monitors WHERE GroupId IN (SELECT Id FROM Groups WHERE ParentId'.$group_id_sql_part.')', 'MonitorId', $group_id));
+ $MonitorIds = array_merge($MonitorIds, dbFetchAll('SELECT `MonitorId` FROM `Groups_Monitors` WHERE `GroupId` IN (SELECT `Id` FROM `Groups` WHERE `ParentId`'.$group_id_sql_part.')', 'MonitorId', $group_id));
 } else {
- $MonitorIds = dbFetchAll('SELECT MonitorId FROM Groups_Monitors WHERE GroupId=?', 'MonitorId', array($group_id));
+ $MonitorIds = dbFetchAll('SELECT `MonitorId` FROM `Groups_Monitors` WHERE `GroupId`=?', 'MonitorId', array($group_id));
- $MonitorIds = array_merge($MonitorIds, dbFetchAll('SELECT MonitorId FROM Groups_Monitors WHERE GroupId IN (SELECT Id FROM Groups WHERE ParentId = ?)', 'MonitorId', array($group_id)));
+ $MonitorIds = array_merge($MonitorIds, dbFetchAll('SELECT `MonitorId` FROM `Groups_Monitors` WHERE `GroupId` IN (SELECT `Id` FROM `Groups` WHERE `ParentId` = ?)', 'MonitorId', array($group_id)));
 }
 $groupSql = " find_in_set( M.Id, '".implode(',', $MonitorIds)."' )";
 }
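Review bot: In the `is_array($group_id)` branch an empty array turns `$group_id_sql_part` into `' IN ()'`, which is not valid SQL, so both quoted `dbFetchAll` calls fail for that input; the commit changes only the identifier quoting and keeps this shape. Handling the empty case before the queries, `if ( is_array($group_id) and !count($group_id) ) { $MonitorIds = array(); } else if ( is_array($group_id) ) {`, leaves `$MonitorIds` empty, and the existing `find_in_set( M.Id, '' )` then matches no monitor. The `$groupSql` line interpolates `$MonitorIds` straight into the SQL string; the values come from the `MonitorId` column of the queries above rather than from the request, and a comment such as `# MonitorIds come from the DB, not the request` would spare the next reader from re-checking that. `get_group_sql` begins before this hunk.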
@@ -132,17 +132,17 @@ class Group extends ZM_Object {
 } # end public static function get_group_sql( $group_id )
 public static function get_monitors_dropdown($options = null) {
- $monitor_id = 0;
- if ( isset($_REQUEST['monitor_id']) ) {
- $monitor_id = $_REQUEST['monitor_id'];
- } else if ( isset($_COOKIE['zmMonitorId']) ) {
- $monitor_id = $_COOKIE['zmMonitorId'];
- }
- $sql = 'SELECT * FROM Monitors';
+ $monitor_id = 0;
+ if ( isset($_REQUEST['monitor_id']) ) {
+ $monitor_id = $_REQUEST['monitor_id'];
+ } else if ( isset($_COOKIE['zmMonitorId']) ) {
+ $monitor_id = $_COOKIE['zmMonitorId'];
+ }
+ $sql = 'SELECT `Id`,`Name` FROM `Monitors`';
 if ( $options ) {
 $sql .= ' WHERE '. implode(' AND ', array(
 ( isset($options['groupSql']) ? $options['groupSql']:'')
- ) ).' ORDER BY Sequence ASC';
+ ) ).' ORDER BY `Sequence` ASC';
 }
 $monitors_dropdown = array(''=>'All');
@@ -153,7 +153,7 @@ class Group extends ZM_Object {
 $monitors_dropdown[$monitor['Id']] = $monitor['Name'];
 }
- echo htmlSelect('monitor_id', $monitors_dropdown, $monitor_id, array('onchange'=>'changeMonitor(this);'));
+ echo htmlSelect('monitor_id', $monitors_dropdown, $monitor_id, array('data-on-change-this'=>'changeMonitor'));
 return $monitor_id;
 }
From 336f45219bf8b05ab288b490cb632eadef8354ce Mon Sep 17 00:00:00 2001
From: Isaac Connor
Date: Thu, 15 Aug 2019 16:04:56 -0400
Subject: [PATCH 4/4] fix object caching
---
 web/includes/Object.php | 42 +++++++++++++++++++++--------------------
 1 file changed, 22 insertions(+), 20 deletions(-)
diff --git a/web/includes/Object.php b/web/includes/Object.php
index 2b58928d9..4e73da5d3 100644
--- a/web/includes/Object.php
+++ b/web/includes/Object.php
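Review bot: Inside `if ( $options )` the query appends `' WHERE '` followed by an `implode` over a one-element array that is `''` whenever `$options['groupSql']` is unset or empty, so the statement ends up as `... WHERE  ORDER BY ...`, a syntax error; the commit re-quotes these lines but keeps the shape. Dropping empty conditions and emitting `WHERE` only when something is left fixes it, as in the excerpt below. Separately, `$monitor_id` is taken verbatim from `$_REQUEST['monitor_id']` or `$_COOKIE['zmMonitorId']`, handed to `htmlSelect` in the next hunk and returned to the caller; unless `htmlSelect` escapes the selected value (not visible here, please confirm), normalising it where it is read, e.g. `$monitor_id = ctype_digit((string)$monitor_id) ? (int)$monitor_id : 0;`, would close that gap cheaply.
```php
    if ( $options ) {
      # Drop empty conditions so an unset/empty groupSql does not yield "WHERE  ORDER BY"
      $conditions = array_filter(array(
        ( isset($options['groupSql']) ? $options['groupSql']:'')
      ));
      if ( count($conditions) ) {
        $sql .= ' WHERE '.implode(' AND ', $conditions);
      }
      $sql .= ' ORDER BY `Sequence` ASC';
    }
    // … unchanged: dropdown construction and htmlSelect …
```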
@@ -8,16 +8,11 @@ class ZM_Object {
 public function __construct($IdOrRow = NULL) {
 $class = get_class($this);
- global $object_cache;
- if ( ! isset($object_cache[$class]) )
- $object_cache[$class] = array();
- $cache = $object_cache[$class];
-
- $table = $class::$table;
 $row = NULL;
 if ( $IdOrRow ) {
 if ( is_integer($IdOrRow) or ctype_digit($IdOrRow) ) {
+ $table = $class::$table;
 $row = dbFetchOne("SELECT * FROM `$table` WHERE `Id`=?", NULL, array($IdOrRow));
 if ( !$row ) {
 Error("Unable to load $class record for Id=$IdOrRow");
@@ -25,17 +20,24 @@ class ZM_Object {
 } elseif ( is_array($IdOrRow) ) {
 $row = $IdOrRow;
 }
- } # end if isset($IdOrRow)
- if ( $row ) {
- foreach ($row as $k => $v) {
- $this->{$k} = $v;
+
+ if ( $row ) {
+ global $object_cache;
+ if ( ! isset($object_cache[$class]) ) {
+ $object_cache[$class] = array();
+ }
+ $cache = &$object_cache[$class];
+
+ foreach ($row as $k => $v) {
+ $this->{$k} = $v;
+ }
+ $cache[$row['Id']] = $this;
 }
- $cache[$row['Id']] = $this;
 } else {
 # Set defaults
 foreach ( $this->defaults as $k => $v ) $this->{$k} = $v;
- }
- }
+ } # end if isset($IdOrRow)
+ } # end function __construct
 public function __call($fn, array $args){
 if ( count($args) ) {
@@ -48,7 +50,7 @@ class ZM_Object {
 return $this->defaults{$fn};
 } else {
 $backTrace = debug_backtrace();
- Warning("Unknown function call Sensor->$fn from ".print_r($backTrace,true));
+ Warning("Unknown function call Object->$fn from ".print_r($backTrace,true));
 }
 }
 }
@@ -98,13 +100,13 @@ class ZM_Object {
 }
 }
 return $results;
- } # end public function find()
+ } # end public function _find()
 public static function _find_one($class, $parameters = array(), $options = array() ) {
 global $object_cache;
 if ( ! isset($object_cache[$class]) )
 $object_cache[$class] = array();
- $cache = $object_cache[$class];
+ $cache = &$object_cache[$class];
 if ( ( count($parameters) == 1 ) and isset($parameters['Id']) and
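Review bot: In the second hunk, `$cache[$row['Id']] = $this;` assumes every row carries an `Id`, but on the `is_array($IdOrRow)` path the row is whatever the caller supplied, so a row without that key raises an undefined-index notice and registers the object under an empty key; `if ( isset($row['Id']) ) $cache[$row['Id']] = $this;` keeps the cache keyed on real ids. The relabelled closing comment `} # end if isset($IdOrRow)` now terminates the `if ( $row ) … else` block rather than the `if ( $IdOrRow )` one, so `} # end if $row` would describe it correctly. The constructor's opening lines are in the preceding hunk.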
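Review bot: In the third hunk, `Warning("Unknown function call Object->$fn from ".print_r($backTrace,true))` writes the complete `debug_backtrace()` output, including every frame's argument values, into the log, so any credential or session value travelling through the call chain is persisted there; `$backTrace = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS);` keeps the call chain without the argument values. The context line `return $this->defaults{$fn};` uses the curly-brace offset syntax, which PHP 7.4 deprecates and 8.0 removes; `return $this->defaults[$fn];` is the equivalent. `__call` begins before this hunk.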
@@ -162,7 +164,7 @@ class ZM_Object {
 } else if ( is_null($v) ) {
 $this->{$k} = $v;
 } else {
- Error( "Unknown type $k => $v of var " . gettype( $v ) );
+ Error("Unknown type $k => $v of var " . gettype($v));
 $this->{$k} = $v;
 }
 } # end if method_exists
@@ -175,7 +177,7 @@ class ZM_Object {
 if ( method_exists($this, $field) ) {
 $old_value = $this->$field();
- Logger::Debug("Checking method $field () ".print_r($old_value,true)." => " . print_r($value,true));
+ Logger::Debug("Checking method $field () ".print_r($old_value,true).' => ' . print_r($value,true));
 if ( is_array($old_value) ) {
 $diff = array_recursive_diff($old_value, $value);
 Logger::Debug("Checking method $field () diff is".print_r($diff,true));
@@ -186,13 +188,13 @@ class ZM_Object {
 $changes[$field] = $value;
 }
 } else if ( array_key_exists($field, $this) ) {
- Logger::Debug("Checking field $field => ".$this->{$field} . " ?= " .$value);
+ Logger::Debug("Checking field $field => ".$this->{$field} . ' ?= ' .$value);
 if ( $this->{$field} != $value ) {
 $changes[$field] = $value;
 }
 } else if ( array_key_exists($field, $this->defaults) ) {
- Logger::Debug("Checking default $field => ".$this->defaults[$field] . " " .$value);
+ Logger::Debug("Checking default $field => ".$this->defaults[$field] . ' ' .$value);
 if ( $this->defaults[$field] != $value ) {
 $changes[$field] = $value;
 }