Steve Gilvarry
9956eae70a
Merge pull request #2483 from connortechnology/fix_user_auth_memleak
...
Now that we are dynamically allocating safer_username and safer_passw…
2019-01-26 01:14:18 +11:00
Isaac Connor
6d7660cdbd
Now that we are dynamically allocating safer_username and safer_password, need to free them. Also, don't strlen them multiple times for efficiency
2019-01-25 08:46:40 -05:00
Matt N
8c5687ca30
Fix name/protocol XSS in controlcaps.php. Fixes #2445 ( #2479 )
2019-01-25 08:35:07 -05:00
Matt N
fd6179d7c8
Enforce CSP on many more views ( #2480 )
2019-01-25 08:34:29 -05:00
Steve Gilvarry
a81e7c5221
Safer_username and safer_login should be based on the username and login ( #2482 )
...
(lengths * 2)+1. Control input lengths at user input
2019-01-25 08:33:30 -05:00
Andrew Bauer
99a6db3994
Merge pull request #2481 from mnoorenberghe/2444
...
Fix zones.php self-xss. Fixes #2444
2019-01-25 07:15:08 -06:00
Matthew Noorenberghe
a3e8fd4fd5
Fix zones.php self-xss. Fixes #2444
2019-01-24 23:40:41 -08:00
Andrew Bauer
03590226ac
Merge pull request #2439 from mnoorenberghe/plugin_xss
...
Plugin.php: XSS and directory traversal fixes; Enable CSP script-src
2019-01-24 07:32:57 -06:00
Matthew Noorenberghe
47d8c9b066
plugin.php: Remove undefined onclick function reference and enforce CSP
...
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Matthew Noorenberghe
59cc65411f
plugin.php: Fix XSS and directory traversal bugs. Fixes #2436
...
This view seems like dead code so maybe it should be removed instead.
2019-01-23 19:41:38 -08:00
Isaac Connor
e53678f869
Can't use a normal subsitution on the Order by field. So parse the sort param instead
2019-01-23 12:22:00 -05:00
Isaac Connor
8d92375d41
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-23 11:31:10 -05:00
Isaac Connor
6eb4d7ae27
Filter improvements ( #2438 )
...
* Put back code to close the popup when view is none
* clean up and reduce depth of some logic
* Increase width of user popup
* fix code style
* Make execute_filter work on a filter Id instead of name
* rework logic to reduce code depth. Change view to events to display the results of execute.
* Change the redirect to stay on the new view. When redirecting from executing a filter, it was redirecting to filter.
* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
Isaac Connor
b1cc7bf837
fix code style
2019-01-23 11:20:31 -05:00
Isaac Connor
b9584bb5d2
Increase width of user popup
2019-01-23 11:18:46 -05:00
Isaac Connor
58d3583722
clean up and reduce depth of some logic
2019-01-23 11:18:30 -05:00
montagdude
4da95369f9
Fix zone area calculation ( #2437 )
...
Previous method resulted in bogus zone areas (in the range of
1000s of % of frame area) when entering points with the keyboard, even
after applying commit 4937a68650
. This
change implements the method here:
http://mathworld.wolfram.com/PolygonArea.html
It has been tested on ZoneMinder 1.32.3 and works correctly when
either entering coordinates with the keyboard or dragging points with
the mouse.
2019-01-23 10:35:18 -05:00
Isaac Connor
124be4eee6
Put back code to close the popup when view is none
2019-01-23 10:18:57 -05:00
Isaac Connor
7026ebafac
Make ajax/stream wait longer for zms. On pi can take up to 3 seconds. Also for php < 5.6, we need to fake 64bit unpack support
2019-01-22 16:45:38 -05:00
Isaac Connor
932ab62200
Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas
2019-01-22 13:36:21 -05:00
Isaac Connor
ad69915e4a
fix build on libav 9, ubuntu trusty
2019-01-22 13:30:40 -05:00
Isaac Connor
c5498492e6
Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas
2019-01-22 11:45:17 -05:00
Isaac Connor
cc8de69eba
Merge branch 'master' into storageareas
2019-01-22 11:44:42 -05:00
Isaac Connor
e60e3666d5
Fix comment
2019-01-22 10:53:53 -05:00
Isaac Connor
2914fb1d58
Update to html5, remove code to close popup (as it is taken care of in skin.js now. Use cache_bust on skin.js
2019-01-22 09:15:25 -05:00
Isaac Connor
e712cedbde
spacing and quotes
2019-01-22 09:14:44 -05:00
Isaac Connor
ae703c45ee
Set closePopup=true so that we don't need code in the none view to close the popup. The common code in skin.js will take care of it.
2019-01-22 09:14:33 -05:00
Matt N
0619a4a161
Validate cnj, obr, and cbr arguments in parseFilter ( #2434 )
2019-01-22 08:03:25 -05:00
Matt N
e7e45b2d95
Remove jQuery use from top-level event listeners in skin.js since view=none doesn't have $j ( #2433 )
2019-01-22 08:00:39 -05:00
Isaac Connor
0d0a0b9dbb
Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas
2019-01-21 13:52:54 -05:00
Isaac Connor
7260f823cb
Merge branch 'master' into storageareas
2019-01-21 13:52:38 -05:00
Isaac Connor
a81428f701
add a test for a 0 fps passed in to updateFrameRate which would cause an infinite loop. Fixes #2427
2019-01-21 13:30:00 -05:00
Isaac Connor
189e78b42d
add comments and a test for zm_terminate in the checkCommandQueue while loop
2019-01-21 13:29:20 -05:00
Isaac Connor
83a652aade
add comments and a test for zm_terminate in the checkCommandQueue while loop
2019-01-21 13:29:14 -05:00
Isaac Connor
9f588d5758
prevent returning infinity from GetFPS
2019-01-21 13:00:10 -05:00
Isaac Connor
785c208ecf
Fixes #2426 . Ca should have been endTime
2019-01-21 12:01:46 -05:00
Isaac Connor
326ac60ae4
add missing braces to fix logic
2019-01-21 11:20:56 -05:00
Isaac Connor
a2d4dc974b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-21 11:19:07 -05:00
Isaac Connor
e663397816
spacing
2019-01-21 11:17:21 -05:00
Isaac Connor
c6311b7079
When logging in, stay on the login view
2019-01-21 11:17:09 -05:00
Isaac Connor
fbc236128e
add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00
2019-01-21 11:16:14 -05:00
Isaac Connor
b24b930f65
After login go to postlogin, not console. the login view is in a popup so we want to close
2019-01-21 11:15:36 -05:00
Matt N
19c272061a
Replace MooTools usage for adding window event listeners ( #2429 )
2019-01-21 11:14:32 -05:00
Matt N
27bcf3f994
Upgrade jQuery version ( #2430 )
...
* Upgrade jQuery to 1.12.4
* Upgrade jQuery to 2.2.4; Stop support for IE8
* 2.2.4 is compatible with 1.12.4
* This fixes a CSP violation on every page load due to jQuery testing of focusin support with a hidden element.
2019-01-21 11:13:40 -05:00
Matt N
f0b33145f5
Log CSP violations in ZM logs in supported browsers ( #2431 )
2019-01-21 11:12:17 -05:00
Matt N
d7ebc85d81
Replace remaining `console` inline event handlers ( #2432 )
...
* Use a hidden submit button in _monitor_filters rather than onkeydown
* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
Andrew Bauer
d575403900
Update support.yml
2019-01-20 18:15:15 -06:00
Isaac Connor
f69b77e38f
fix eslint complaints
2019-01-19 12:40:17 -05:00
Matt N
a1a42345e3
More eslint fixes; eslint in php; add eslint to travis ( #2419 )
...
* Add eslint to travis.yml
* Update eslint package versions and apply new indent rules
* Enable the brace-style and block-style eslint rules
* Enable the 'curly' eslint rule
* Enable the 'keyword-spacing' eslint rule
* Enable the 'key-spacing' eslint rule
* Enable the 'object-curly-spacing' eslint rule
* Enable the 'no-new-object' eslint rule
* Only disable the no-caller eslint rule in the one affected file
* Enable the 'no-unused-vars' eslint rule for local variables
* Add linting of JS in .php files
2019-01-19 10:32:40 -05:00
Matt N
35fb4366b6
Fix recaptcha support with the CSP ( #2420 )
2019-01-19 09:47:04 -05:00