5ce681b463
instantiate a false Frame object with id = objectect
2019-02-11 16:37:22 -05:00
ed6b22ac06
spacing
2019-02-11 16:29:36 -05:00
5a924ab176
cleanup redundant code and spacing
2019-02-11 16:29:19 -05:00
3871c28089
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-11 14:15:35 -05:00
40e0019267
fix all the nav missing when a users Monitors Permission is None
2019-02-11 14:15:24 -05:00
a3374aa26c
Merge branch 'reload_zmfilter_on_filter_save' into storageareas
2019-02-11 13:26:53 -05:00
5695be9f32
rough in a control function in Filter object. Use it to start/stop zmfilter processes when filters are deleted or Saved.
2019-02-11 13:21:00 -05:00
5a333e153c
show object detected file, if object detection in place ( #2514 )
2019-02-11 10:58:34 -05:00
cd0d753cce
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-02-11 09:55:50 -05:00
e79d7ec736
change let to var
2019-02-11 09:55:45 -05:00
9675367e03
event.js: Wait for delete request to succeed before navigating. Fixes #2384 ( #2515 )
2019-02-11 09:34:51 -05:00
cdbd59f054
bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493
2019-02-10 13:22:08 -08:00
ef1112801f
Request browser name and version for web issues (part 2)
2019-02-10 12:38:18 -08:00
28a8af34d5
Request browser name and version for web issues
2019-02-10 12:22:44 -08:00
cda4a28fec
Fix accidental use of 'let' in 255806bd54
2019-02-10 11:14:55 -08:00
2975225918
Cleanup old files ( #2509 )
...
* Remove Doc-Pak folder
Duplicates and out of date
* Delete umutils dir, looks like some old build script.
* Remove NEWS file as it is not being used.
* Remove TODO
* Remove description-pak, hanging around since NextTime days
* Delete ChangeLog file leaving CHANGELOG.MD as main file, which needs updating..
* Remove INSTALL file as it was not up to date, happy to consider an update instead.
* Remove Authors, not really adding much value and pretty sure the history is documented elsewhere.
* Deleted BUGS. Should be covered in the readme, let me know if you want me to add a link..
2019-02-10 13:09:40 -05:00
87413d447d
Set CSRF on as the default for new installs. Fixes #2507 ( #2508 )
...
* Set CSRF on as the default for new installs. Not sure we can impact config on existing installations.
* Fix the spelling mistake that I noticed after editing this.
2019-02-10 13:08:58 -05:00
555cb4780d
Merge branch 'master' into storageareas
2019-02-10 12:37:45 -05:00
c9032d3cb4
add autocomplete tags to username and password inputs
2019-02-10 00:27:33 -08:00
c8e41bfee7
log.php: Ensure 'line' is an integer. Helps with #2466
2019-02-10 00:10:39 -08:00
a6ee79f428
Fix typo in dbc1c7b72f comment
2019-02-09 22:40:39 -08:00
dbc1c7b72f
Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469
2019-02-09 22:39:54 -08:00
a97711de89
Replace or sanitize remaining uses of PHP_SELF. Fixes #2446
2019-02-09 22:12:36 -08:00
99f1e23c5b
Replace usage of PHP_SELF in views/. Fixes #2450
2019-02-09 21:39:19 -08:00
effd609ff7
Escape output of state names. Fixes #2475
2019-02-09 20:40:08 -08:00
d7ede4643d
_monitor_filters.php: Escape MonitorName and Source. Fixes #2457
2019-02-09 19:14:31 -08:00
c9d597dced
logger.php: Don't output Panic messages unless debugging is on. Fixes #2460
2019-02-09 18:51:30 -08:00
255806bd54
log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453
2019-02-09 18:43:55 -08:00
6af2c4ad0e
Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468
2019-02-09 18:06:21 -08:00
9ce05a9a09
user.php: Escape the Username upon display. Fixes #2467
2019-02-09 17:45:52 -08:00
6d2f3c265f
events.php: Remove inline event handlers and enforce CSP
2019-02-09 17:34:59 -08:00
fcbc22b6a2
functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456
2019-02-09 17:27:47 -08:00
502f53fad0
functions.php: Fix SQLi in getFormChanges
2019-02-09 17:15:02 -08:00
ef0e5f453a
monitor.php: Fix XSS from LinkedMonitors. Fixes #2463
2019-02-09 17:11:53 -08:00
9705edfe24
monitor.php: Escape monitor method. Fixes #2464
2019-02-09 17:01:45 -08:00
cef54feaf9
monitor.php: Escape a bug of output variables. Fixes #2465
2019-02-09 16:54:06 -08:00
254b7286b4
monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451
2019-02-09 16:41:54 -08:00
bb75dad091
filter.php: Escape filter query term value to avoid XSS. Fixes #2462
2019-02-09 15:35:55 -08:00
dd37808ef7
filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461
2019-02-09 15:24:13 -08:00
70e59ed546
filter.php: Escape the filter name on output. Fixes #2455
2019-02-09 15:19:15 -08:00
b2a97ee190
frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
...
Fixes #2448 , fixes #2449 , and fixes #2447 .
2019-02-09 15:10:45 -08:00
c8066919ff
functions.php: Esacepe textContent in htmlOptions()
2019-02-09 14:14:46 -08:00
7b0ee8a6a2
group: Escape group name in heading. Fixes #2454
2019-02-09 14:05:50 -08:00
fa6716a64b
console: Escape source column output to prevent XSS. Fixes #2452
2019-02-09 02:28:40 -08:00
98e0a0d2c5
Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459
2019-02-09 02:18:57 -08:00
02f09aad7f
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
2019-02-09 02:01:26 -08:00
61f6a92cc0
view=download: Validate the eid parameter to avoid XSS. Fixes #2442
2019-02-09 01:37:32 -08:00
0b38e72f88
view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441
2019-02-09 01:16:32 -08:00
e36ac1b872
Add a polyfill for NodeList.prototype.forEach
2019-02-08 21:54:23 -08:00
2dc935b488
added object detection frame rendering ( #2505 )
2019-02-08 13:49:00 -05:00
Isaac Connor
Pliable Pixels
Matt N
Steve Gilvarry