Isaac Connor
d9c665b021
Merge branch 'fix_crash_with_invalid_zones' into storageareas
2017-03-17 09:35:11 -04:00
Andrew Bauer
7e0ac4b239
Merge pull request #1780 from connortechnology/fix_1775
...
use escapeshellarg on inputs to daemonControl and other functions
2017-03-16 09:27:04 -05:00
Isaac Connor
4df12ae370
Merge branch 'montage_width_height' of github.com:ConnorTechnology/ZoneMinder into montage_width_height
2017-03-06 17:30:00 -05:00
Isaac Connor
fdcb93eacc
Merge branch 'master' into storageareas
2017-03-06 16:22:28 -05:00
Isaac Connor
4fc0aead70
wip
2017-03-01 15:26:40 -05:00
Isaac Connor
c4caa9a631
convert arguments from an array of strings to a hash and use http_build_query
2017-02-27 21:48:08 -05:00
Isaac Connor
c3a52272d8
implement changeWidth, changeHeight and alter getStreamHTML to take an array of options
2017-02-27 20:56:14 -05:00
Andy Bauer
8759e2bdb4
prevent divide by zero, make error messages more descriptive
2017-02-21 13:10:41 -06:00
Andy Bauer
27ca8d8674
use === operator in getDiskPercent function
2017-02-21 12:33:05 -06:00
Isaac Connor
186e5ba866
Merge branch 'master' into storageareas
2017-02-21 09:48:00 -05:00
Manojav Sridhar
f50c0e2096
fix missing isset check, caused number of Undefined Property warnings
2017-02-18 11:15:43 -05:00
Isaac Connor
2bf4b5ad1a
use escapeshellarg on inputs to daemonControl and other functions where exec is called
2017-02-15 09:45:25 -05:00
Isaac Connor
d135216ac7
Merge branch 'master' into storageareas
2017-02-15 09:30:35 -05:00
Kyle Johnson
5804cd2462
Merge pull request #2 from connortechnology/fix_sql_injection
...
Sanitize input parameters
2017-02-04 15:05:54 -07:00
Andrew Bauer
c5906a5d4f
Merge pull request #6 from connortechnology/log_xss_fixes2
...
Log xss fixes2
2017-02-04 16:05:43 -06:00
Kyle Johnson
6b3a53ec0f
Tell PDO to use real prepared statements.
...
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.
See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
2017-02-04 14:59:33 -07:00
Isaac Connor
9fd9c5de20
test for empty and non-existent path
2017-01-30 17:24:41 -05:00
Isaac Connor
fda115bebe
tell zmc and zma to stop before updating db
2017-01-30 16:37:53 -05:00
Isaac Connor
41dab0750e
turn whatever gets output into html escaped html so that nothing gets revealed
2017-01-27 21:30:22 -05:00
Isaac Connor
a8d1450adf
Merge branch 'master' into fix_sql_injection
2017-01-27 17:18:34 -05:00
Kyle Johnson
746a096483
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2017-01-27 15:16:33 -07:00
Isaac Connor
c1e05753d6
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro
2017-01-27 17:12:46 -05:00
Isaac Connor
8ce7719a33
remove extra db call cuz is redundant
2017-01-18 21:12:54 -05:00
Isaac Connor
899b1b82b9
Merge branch 'filter_by_runstate' into storageareas
2017-01-14 17:07:20 -05:00
Isaac Connor
242e5a56d8
rough in the ability to filter on RunState
2017-01-14 16:55:28 -05:00
Isaac Connor
3074263e06
Merge branch 'control_fixes' into storageareas
2017-01-10 12:54:46 -05:00
Isaac Connor
55403219d8
fix regexp for direction in control command. Also log if the regexp doesn't match
2017-01-10 12:35:38 -05:00
Isaac Connor
d8b8d78576
Fix storagearea lookup. Default to ZM_EVENTS_DIR
2017-01-09 16:35:58 -05:00
Isaac Connor
03fd964518
fix parsing StorageID
2017-01-09 14:59:14 -05:00
Isaac Connor
f6ea52280a
Update Event object to @iconnor's latest which brings us a createListThumbnail function copied from includes/functions
2017-01-02 10:34:15 -05:00
Isaac Connor
5ae34a7561
Merge branch 'master' into storageareas
2017-01-02 09:39:10 -05:00
klemens
0d549f1db3
spelling fixes
2016-12-29 10:31:05 +01:00
Andy Bauer
254fcbcef7
update gpl 2 mailing address in source files
2016-12-26 09:23:16 -06:00
Isaac Connor
794043cbe9
On successful login, tell php to regenerate the session id
2016-12-14 15:06:18 -05:00
Isaac Connor
821f9f8e6e
Merge branch 'fix_sql_injection' into storageareas
2016-12-08 15:58:10 -05:00
Isaac Connor
b5e4c94682
test for integer string as well
2016-12-08 15:58:00 -05:00
Isaac Connor
08370b010e
Merge branch 'log_xss_fixes' into storageareas
2016-12-08 15:52:37 -05:00
Isaac Connor
42fdd1fbe9
Use htmlentities on the error message when dying because the string will be sent to the browser and if it includes scripts they will be run.
2016-12-08 15:52:21 -05:00
Isaac Connor
ced701f56f
Merge branch 'fix_sql_injection' into storageareas
2016-12-08 14:58:50 -05:00
Isaac Connor
e7d0861530
check limit for a valid integer and complain if not.
2016-12-08 13:37:23 -05:00
Isaac Connor
9e5f52a0ae
fix MonitorId is part of event, not frame
2016-11-29 15:25:51 -05:00
Isaac Connor
be5b4691da
check for isset of SESSION['username'] instead of just assuming it exists
2016-11-22 15:35:07 -05:00
Isaac Connor
9312eed17f
Merge branch 'master' into disk_space_in_events
2016-11-22 10:58:24 -05:00
Isaac Connor
6bf921a858
Add thumbnails to the frames view. Also add a content-disposition header and some url mangling to help browsers give a useful filename when doing Save Image As
2016-11-21 12:28:15 -05:00
Isaac Connor
2bd080a6a6
Merge branch 'master' into storageareas
2016-11-15 08:41:00 -05:00
Isaac Connor
8f71971209
Show error message upon unsuccessful login. Fixes #1648 (#1680)
...
* Add additional post-cmake files to .gitignore
* Add bootstrap 3.3.7
* Load bootstrap css
* Restyle login page, move recaptcha js to <head>
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserted inside the <body>.
* Update doctype to HTML5, add meta tags for mobile browsers
* Move inline Login css to css file
* Remove extra php tag in functions.php
* Show error message upon unsuccessful login. Fixes #1648
* Includes bootstrap glyphicons as they're used in the error message.
* Failure check is done via a simple test in login.js.php and login.js.
The 'view' param will only be set (to 'postlogin') if the login page
has refreshed due to a failed login. Otherwise you're directed to
the console view.
* Only load bootstrap css in specific views.
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
* Test for invalid login via session variable.
The previous method had cases where the error message was displayed
when it shouldn't have been, such as when specifying ?view=login
* Fix a few typos in login inputs
* Add new fonts directory to web CMakeLists
2016-11-14 21:24:43 -05:00
Isaac Connor
3b7723ee8f
Merge branch 'master' into storageareas
2016-11-11 22:40:00 -05:00
Andrew Bauer
49d8e35e56
Show available PATH_MAP percent on console (#1675)
...
* Add PATH_SWAP percent to console
* add changes to console.php
* use ZM_PATH_MAP instead of ZM_PATH_SWAP
* show the folder name PATH_MAP points to
* use a dash as the delimiter instead of fwd slash
2016-11-11 08:47:08 -05:00
Kyle Johnson
95d00f70a3
Test for invalid login via session variable.
...
The previous method had cases where the error message was displayed
when it shouldn't have been, such as when specifying ?view=login
2016-11-10 23:29:12 -07:00
Isaac Connor
4defad1352
Merge branch 'add_scale_to_frame_view' into storageareas
2016-10-26 14:04:43 -04:00