Andy Bauer
eb55a6bb9b
set action, view, and/or request to NULL if they are not defined
2017-03-28 17:52:31 -05:00
Andy Bauer
4e16ae6d19
add ZM_ENABLE_CSRF_MAGIC toggle
2017-03-28 17:29:36 -05:00
IDDQDesnik
6081374ace
Updated Russian translation
2017-03-21 17:39:22 +03:00
Isaac Connor
eaca58bb7c
Merge pull request #1815 from mnoorenberghe/postlogin
...
Properly escape postLoginQuery. Fixes #1797
2017-03-21 10:27:13 -04:00
Matthew Noorenberghe
ea558c79a0
Fix check that API user is enabled
2017-03-20 17:16:24 -07:00
Isaac Connor
badbf1c74c
Merge pull request #1816 from mnoorenberghe/flat_window_sizes
...
Increase default window sizes for the flat theme. Fixes #1059
2017-03-20 13:10:13 -04:00
Andrew Bauer
2dcd95bc7f
Merge pull request #1504 from ZoneMinder/improve_filter
...
Improve filter
2017-03-18 21:12:58 -05:00
Andrew Bauer
d38bae72ae
integrate csrf-magic library
2017-03-18 20:12:06 -05:00
SteveGilvarry
a16ea554a3
Swap to PNG
2017-03-18 22:34:13 +11:00
Matthew Noorenberghe
c7955cd1b6
Add eslint configuration files extending Google's rules
2017-03-18 00:02:17 -07:00
Matthew Noorenberghe
91ad6afffb
Increase default window sizes for the flat theme. Fixes #1059
...
Used the computed height of <html> and rounded up the nearest multiple of 5.
2017-03-17 22:24:42 -07:00
Matthew Noorenberghe
ea5342abd2
Properly escape postLoginQuery. Fixes #1797
2017-03-17 21:05:28 -07:00
Andrew Bauer
9681a444b4
Merge pull request #1765 from SteveGilvarry/ffmpeg_url
...
Align Method description to what it is actually doing
2017-03-16 09:32:30 -05:00
Andrew Bauer
7e0ac4b239
Merge pull request #1780 from connortechnology/fix_1775
...
use escapeshellarg on inputs to daemonControl and other functions
2017-03-16 09:27:04 -05:00
Andy Bauer
8759e2bdb4
prevent divide by zero, make error messages more descriptive
2017-02-21 13:10:41 -06:00
Andy Bauer
27ca8d8674
use === operator in getDiskPercent function
2017-02-21 12:33:05 -06:00
Isaac Connor
971c70f540
Merge pull request #1793 from mnoorenberghe/api_debug_default
...
Reduce the default API debug level
2017-02-20 21:44:48 -05:00
Matthew Noorenberghe
df4739826b
Reduce the default API debug level
2017-02-18 23:06:53 -08:00
Manojav Sridhar
f50c0e2096
fix missing isset check, caused number of Undefined Property warnings
2017-02-18 11:15:43 -05:00
Manojav Sridhar
11b90e6011
fix usage of wrong key
2017-02-17 12:37:58 -05:00
Isaac Connor
2bf4b5ad1a
use escapeshellarg on inputs to daemonControl and other functions where exec is called
2017-02-15 09:45:25 -05:00
SteveGilvarry
b791504598
Wording of help text fixes
2017-02-06 08:01:04 +11:00
SteveGilvarry
9716c4ef89
Add Option help
2017-02-05 18:43:47 +11:00
SteveGilvarry
c72704bf0b
Change descriptions for ffmpeg methods and put TCP first.
2017-02-05 15:34:06 +11:00
Kyle Johnson
5804cd2462
Merge pull request #2 from connortechnology/fix_sql_injection
...
Sanitize input parameters
2017-02-04 15:05:54 -07:00
Andrew Bauer
c5906a5d4f
Merge pull request #6 from connortechnology/log_xss_fixes2
...
Log xss fixes2
2017-02-04 16:05:43 -06:00
Kyle Johnson
6b3a53ec0f
Tell PDO to use real prepared statements.
...
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.
See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
2017-02-04 14:59:33 -07:00
Isaac Connor
9135da92ed
fix typo fileFields => filterFields
2017-01-31 21:33:43 -05:00
Isaac Connor
7d451e1e41
float the scale control right, add css for other skins
2017-01-31 11:13:16 -05:00
Isaac Connor
4a4f62f0a7
add a scale element to the frame view. Include some bits from StorageAreas to make it work
2017-01-31 11:13:16 -05:00
Isaac Connor
568160e5aa
add a scale element to the frame view. Include some bits from StorageAreas to make it work
2017-01-31 11:13:15 -05:00
Isaac Connor
3437f23e8a
Merge branch 'master' into fix_sql_injection
2017-01-28 14:33:49 -05:00
Isaac Connor
41dab0750e
turn whatever gets output into html escaped html so that nothing gets revealed
2017-01-27 21:30:22 -05:00
Isaac Connor
a8d1450adf
Merge branch 'master' into fix_sql_injection
2017-01-27 17:18:34 -05:00
Kyle Johnson
746a096483
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2017-01-27 15:16:33 -07:00
Isaac Connor
c1e05753d6
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro
2017-01-27 17:12:46 -05:00
Andrew Bauer
dbd73690b2
use !== false rather than === true
2017-01-25 09:26:07 -06:00
Andrew Bauer
6189d2670c
ZM_DIR_EVENTS can be, and often is, a symlink
2017-01-25 09:05:34 -06:00
Andrew Bauer
8b19fca992
sanitize the image path before processing
2017-01-25 08:30:19 -06:00
SteveGilvarry
2f3ebd80da
Remove zmf, die..die..die
2017-01-16 13:20:05 -08:00
Kyle Johnson
0e7794f2a7
Merge pull request #1 from connortechnology/cookie_http_only
...
set http_only flag in cookie settings
2017-01-12 09:25:36 -07:00
Andy Bauer
7ef7a36f39
fix conditional logic in controlcap.js
2017-01-10 17:53:05 -06:00
Isaac Connor
55403219d8
fix regexp for direction in control command. Also log if the regexp doesn't match
2017-01-10 12:35:38 -05:00
Isaac Connor
fea5fa1b59
fix xtell should be -1 for move left
2017-01-10 12:35:02 -05:00
Isaac Connor
b4bddee337
Merge branch 'master' into improve_filter
2017-01-03 08:49:56 -05:00
Isaac Connor
0a90dbac9f
require Event.php and clean up use of object vs db row array. Use newer way of using views/image.php by passing eid and frameid instead of a path.
2017-01-02 10:35:51 -05:00
Isaac Connor
30674919c4
always include Storage object, because in the end we will be using it everywhere
2017-01-02 10:34:45 -05:00
Isaac Connor
f6ea52280a
Update Event object to @iconnor's latest which brings us a createListThumbnail function copied from includes/functions
2017-01-02 10:34:15 -05:00
Andrew Bauer
b063d8d6aa
Merge pull request #1728 from connortechnology/path_zms_message
...
Path zms message
2017-01-02 08:54:32 -06:00
Isaac Connor
ef71ae248c
fix ramSocketFile to remSocketFile
2017-01-02 09:31:26 -05:00
klemens
0d549f1db3
spelling fixes
2016-12-29 10:31:05 +01:00
Andy Bauer
25ab1bee18
more fixed to gpl license text
2016-12-26 10:40:09 -06:00
Andy Bauer
2dda2d9e1e
remove unneeded, empty files
2016-12-26 09:49:14 -06:00
Andy Bauer
254fcbcef7
update gpl 2 mailing address in source files
2016-12-26 09:23:16 -06:00
Isaac Connor
38c0cedecc
remove the use of empty which on php < 5.5 only supports variables.
2016-12-20 16:37:42 -05:00
Isaac Connor
752f0eb40b
Merge branch 'master' into improve_filter
2016-12-20 11:43:02 -05:00
Andrew Bauer
68a24040ab
Merge pull request #1710 from connortechnology/path_zms_message
...
replace the old socket_sendto error message with something more useful
2016-12-20 10:30:35 -06:00
Isaac Connor
8b726996f7
FAQ fixes, more text about zms problems in it, and adjust the socket_sendto error message to point to the FAQ entry that is relevant.
2016-12-19 21:36:39 -05:00
Isaac Connor
fe3f3d91ce
replace the old socket_sendto error message with something more useful so that people stop asking us how to fix it.
2016-12-16 09:12:27 -05:00
Isaac Connor
794043cbe9
On successful login, tell php to regenerate the session id
2016-12-14 15:06:18 -05:00
Isaac Connor
ad157cf21c
fix tabs
2016-12-14 14:56:54 -05:00
Isaac Connor
69c39f8a23
set http_only flag in cookie settings
2016-12-14 14:39:44 -05:00
Isaac Connor
a9548d3f6b
Add a config entry to turn event disk space on/off
2016-12-13 13:34:56 -05:00
Isaac Connor
30ec67d4c3
Merge branch 'master' into disk_space_in_events
2016-12-13 13:28:32 -05:00
Isaac Connor
b5e4c94682
test for integer string as well
2016-12-08 15:58:00 -05:00
Isaac Connor
7c84e2417d
remove extra ?
2016-12-08 15:53:38 -05:00
Isaac Connor
c8009baf3f
fix missing ; and test for integer string in limit
2016-12-08 15:46:42 -05:00
Isaac Connor
d600eb0e8b
Merge branch 'master' into fix_sql_injection
2016-12-08 13:39:04 -05:00
Isaac Connor
e7d0861530
check limit for a valid integer and complain if not.
2016-12-08 13:37:23 -05:00
Isaac Connor
587fd16aa6
Add testing for limit, sortField and all the filters to ensure that they are valid.
2016-12-08 13:31:44 -05:00
Isaac Connor
857b4e8345
Merge branch 'master' into improve_filter
2016-12-06 11:58:41 -05:00
Bernardus Jansen
986567839e
Additional minor changes
2016-12-02 10:08:49 +01:00
Bernardus Jansen
e27639f599
Updated Dutch translation
2016-12-02 09:49:50 +01:00
Isaac Connor
9312eed17f
Merge branch 'master' into disk_space_in_events
2016-11-22 10:58:24 -05:00
Isaac Connor
02cd3e8cba
Merge branch 'master' into small_fixes
2016-11-22 10:52:07 -05:00
Isaac Connor
bb6b0c2d49
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder into improve_filter
2016-11-17 12:16:49 -05:00
Kyle Johnson
4eb5ff7aff
Fix Undefined index: loginFailed. Resolves #1684
2016-11-16 19:42:04 -07:00
Isaac Connor
8f71971209
Show error message upon unsuccessful login. Fixes #1648 ( #1680 )
...
* Add additional post-cmake files to .gitignore
* Add bootstrap 3.3.7
* Load bootstrap css
* Restyle login page, move recaptcha js to <head>
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserted inside the <body>.
* Update doctype to HTML5, add meta tags for mobile browsers
* Move inline Login css to css file
* Remove extra php tag in functions.php
* Show error message upon unsuccessful login. Fixes #1648
* Includes bootstrap glyphicons as they're used in the error message.
* Failure check is done via a simple test in login.js.php and login.js.
The 'view' param will only be set (to 'postlogin') if the login page
has refreshed due to a failed login. Otherwise you're directed to
the console view.
* Only load bootstrap css in specific views.
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
* Test for invalid login via session variable.
The previous method had cases where the error message was displayed
when it shouldn't have been, such as when specifying ?view=login
* Fix a few typos in login inputs
* Add new fonts directory to web CMakeLists
2016-11-14 21:24:43 -05:00
Kyle Johnson
b0d22aa2a5
Add new fonts directory to web CMakeLists
2016-11-14 19:23:05 -07:00
Andrew Bauer
49d8e35e56
Show available PATH_MAP percent on console ( #1675 )
...
* Add PATH_SWAP percent to console
* add changes to console.php
* use ZM_PATH_MAP instead of ZM_PATH_SWAP
* show the folder name PATH_MAP points to
* use a dash as the delimiter instead of fwd slash
2016-11-11 08:47:08 -05:00
Kyle Johnson
65fe07e7aa
Fix a few typos in login inputs
2016-11-10 23:36:28 -07:00
Kyle Johnson
95d00f70a3
Test for invalid login via session variable.
...
The previous method had cases where the error message was displayed
when it shouldn't have been, such as when specifying ?view=login
2016-11-10 23:29:12 -07:00
Kyle Johnson
3916b02a74
Only load bootstrap css in specific views.
...
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
2016-11-10 23:07:52 -07:00
Kyle Johnson
0800a69a57
Show error message upon unsuccessful login. Fixes #1648
...
* Includes bootstrap glyphicons as they're used in the error message.
* Failure check is done via a simple test in login.js.php and login.js.
The 'view' param will only be set (to 'postlogin') if the login page
has refreshed due to a failed login. Otherwise you're directed to
the console view.
2016-11-10 22:51:32 -07:00
Kyle Johnson
97fb53e95c
Remove extra php tag in functions.php
2016-11-10 21:49:57 -07:00
Kyle Johnson
227b196a2e
Move inline Login css to css file
2016-11-10 21:48:42 -07:00
Kyle Johnson
3e3956f45d
Update doctype to HTML5, add meta tags for mobile browsers
2016-11-10 21:47:53 -07:00
Kyle Johnson
eacf6cd415
Restyle login page, move recaptcha js to <head>
...
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserted inside the <body>.
2016-11-10 21:46:55 -07:00
Kyle Johnson
1607ae1210
Load bootstrap css
2016-11-10 21:45:46 -07:00
Kyle Johnson
2c93f61622
Add bootstrap 3.3.7
2016-11-10 21:45:18 -07:00
Andrew Bauer
9f43825b92
prevent the end user from selecting an invalid configuration on the PT… ( #1676 )
...
* prevent the end user from selecting an invalid configuration on the PTZ control configuration "Move" tab
* change to console.php should not be in this pr
2016-11-08 22:10:51 -05:00
Kyle Johnson
8c41781a9f
Fix event.stop error in watch.js See #1672 ( #1678 )
2016-11-08 18:53:06 -05:00
Kyle Johnson
735d2df3c9
event is redefined before being passed to deleteEvent. Fixes #1671
2016-11-04 23:23:40 -06:00
Isaac Connor
1e233c0ce5
Merge branch 'master' into improve_filter
2016-11-04 15:20:43 -04:00
Kyle Johnson
bd47439056
Merge pull request #1639 from connortechnology/cookie_scale
...
store the scale value for watch and event views in a cookie, differen…
2016-11-03 12:35:15 -06:00
Isaac Connor
099cca210b
fix monitorId to MonitorId
2016-11-03 14:34:17 -04:00
Steve Gilvarry
d504043a9e
Update ru_ru.php
...
Remote extra line
2016-11-01 00:32:46 +11:00
Isaac Connor
a7c1231b46
fix WatchScale -> EventScale
2016-10-26 14:53:24 -04:00
Steve Gilvarry
0409ae5582
Merge pull request #1652 from connortechnology/fix_popup
...
handle when window.open fails
2016-10-20 05:17:44 +11:00
Steve Gilvarry
11cc73f55d
Merge pull request #1651 from connortechnology/fix_disable_monitor
...
Fix logic when disabling a monitor
2016-10-20 05:16:22 +11:00