33092e4022
Allow API authentication using the `auth` query parameter containing an auth. hash. ( #1845 )
...
* Allow API authentication using the `auth` query parameter containing an auth. hash.
Fixes #1827
The same auth. hash for zms is used here. This allows consumers to use the API without sending the password in the query string and not require forging logins via the login form.
* Move logger.php's global Debug function to Logger::Debug to avoid polluting globals
This avoids a conflict with CakePHP when logger.php gets included indrectly from API code.
* Protect action=login when ZM_ENABLE_CSRF_MAGIC is enabled
2017-05-15 21:51:48 -04:00
fd44ff4e60
Merge branch 'master' into storageareas
2017-05-10 13:16:08 -04:00
06009f3b16
Merge pull request #1661 from connortechnology/add_scale_to_frame_view
...
Add scale to frame view
2017-05-10 07:56:36 -05:00
e6c60737e9
Merge pull request #1756 from SteveGilvarry/zmf_goodbye
...
Remove zmf
2017-05-10 07:07:22 -05:00
e45316dcd1
add debugging
2017-05-05 17:53:03 -04:00
fe532ac945
make args not required
2017-05-05 17:17:39 -04:00
f66b606e34
use isset
2017-05-05 16:40:05 -04:00
92854f5cba
more debug
2017-05-05 16:37:30 -04:00
1ff367373f
use ZM_AUTH_HASH_SECRET for the key, not the secret
2017-05-05 16:15:34 -04:00
a0e4e6537e
prefer key based tokens over session
2017-05-05 16:11:40 -04:00
0982c9fdec
add Debug lines
2017-05-05 16:00:52 -04:00
1253fb1723
update whitespacing/braces. Add a warning when dbFetchOne is used with a column that isn't in the returned row
2017-04-28 14:17:36 -04:00
088fa0192b
Merge branch 'master' into storageareas
2017-04-25 10:00:14 -04:00
05a141bf78
Update database.php
2017-04-24 23:40:52 -07:00
ef6c675c6a
work in progress, rough in adding the svg zones to montage
2017-04-24 11:11:44 -04:00
3db38eb474
limit points to the limits of the monitor
2017-04-19 16:12:12 -04:00
fbbe748bc8
Restore old behaviour for events that don't have a video
2017-04-19 14:15:32 -04:00
b71d021ae1
Merge branch 'fix_1849' into storageareas
2017-04-18 12:43:04 -04:00
f2920c37e0
escapeshellarg adds quotes, which is bad. Use escapeshellcmd on the whole string instead.
2017-04-18 12:31:20 -04:00
a5e7db0f7c
use faster ffmpeg method to generate frame image
2017-04-13 12:35:14 -04:00
7815f1c539
introduce a redirect flag global variable to allow us to redirect. Which allows to redirect on successful login so we don't get repost popups
2017-04-05 10:05:21 -04:00
d1a60dedc8
Fix the overzealous use of escapeshellcmd that breaks restarting monitors
2017-03-31 11:59:55 -04:00
538658403c
Merge pull request #1822 from knnniggett/csrf
...
Implement CSRF Mitigation
2017-03-30 10:39:55 -04:00
fe223e3b29
remove a warning when adding users when not logged in (could happen if OPT_AUTH isn't turned on yet
2017-03-29 10:38:29 -04:00
3cd9e46df9
Merge branch 'knnniggett-csrf' into storageareas
2017-03-28 20:44:38 -04:00
d006ebfc3c
Merge branch 'csrf' of https://github.com/knnniggett/ZoneMinder into knnniggett-csrf
2017-03-28 20:10:59 -04:00
769af661e9
Merge branch 'fix_x10' into storageareas
2017-03-28 20:05:52 -04:00
589b369109
fix inserting x10 record with missing ,
2017-03-28 20:03:46 -04:00
4e16ae6d19
add ZM_ENABLE_CSRF_MAGIC toggle
2017-03-28 17:29:36 -05:00
8ef7a708bd
updates in filters, try to get the new filter loaded when saving with a new name
2017-03-27 13:12:37 -04:00
8bd34a982d
only use scale if it has a value
2017-03-21 15:30:22 -04:00
670c1a3c7c
pass NULL for ['width']
2017-03-21 09:47:07 -04:00
2dcd95bc7f
Merge pull request #1504 from ZoneMinder/improve_filter
...
Improve filter
2017-03-18 21:12:58 -05:00
d38bae72ae
integrate csrf-magic library
2017-03-18 20:12:06 -05:00
d9c665b021
Merge branch 'fix_crash_with_invalid_zones' into storageareas
2017-03-17 09:35:11 -04:00
7e0ac4b239
Merge pull request #1780 from connortechnology/fix_1775
...
use escapeshellarg on inputs to daemonControl and other functions
2017-03-16 09:27:04 -05:00
4df12ae370
Merge branch 'montage_width_height' of github.com:ConnorTechnology/ZoneMinder into montage_width_height
2017-03-06 17:30:00 -05:00
fdcb93eacc
Merge branch 'master' into storageareas
2017-03-06 16:22:28 -05:00
4fc0aead70
wip
2017-03-01 15:26:40 -05:00
c4caa9a631
convert arguments from an array of strong to a hash and use http_build_query
2017-02-27 21:48:08 -05:00
c3a52272d8
implement changeWidth, changeHeight and alter getStreamHTML to take an array of options
2017-02-27 20:56:14 -05:00
8759e2bdb4
prevent divide by zero, make error messages more descriptive
2017-02-21 13:10:41 -06:00
27ca8d8674
use === operator in getDiskPercent function
2017-02-21 12:33:05 -06:00
186e5ba866
Merge branch 'master' into storageareas
2017-02-21 09:48:00 -05:00
f50c0e2096
fix missing isset check, caused number of Undefined Property warnings
2017-02-18 11:15:43 -05:00
2bf4b5ad1a
use escapeshellarg on inputs to daemonControl and other functions where exec is called
2017-02-15 09:45:25 -05:00
d135216ac7
Merge branch 'master' into storageareas
2017-02-15 09:30:35 -05:00
5804cd2462
Merge pull request #2 from connortechnology/fix_sql_injection
...
Sanitize input parameters
2017-02-04 15:05:54 -07:00
c5906a5d4f
Merge pull request #6 from connortechnology/log_xss_fixes2
...
Log xss fixes2
2017-02-04 16:05:43 -06:00
6b3a53ec0f
Tell PDO to use real prepared statements.
...
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.
See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
2017-02-04 14:59:33 -07:00
568160e5aa
add a scale element to the frame view. Include some bits from StorageAreas to make it work
2017-01-31 11:13:15 -05:00
9fd9c5de20
test for empty and non-existent path
2017-01-30 17:24:41 -05:00
fda115bebe
tell zmc and zma to stop before updating db
2017-01-30 16:37:53 -05:00
41dab0750e
turn whatever gets output into html escaped html so that nothing gets revealed
2017-01-27 21:30:22 -05:00
a8d1450adf
Merge branch 'master' into fix_sql_injection
2017-01-27 17:18:34 -05:00
746a096483
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2017-01-27 15:16:33 -07:00
c1e05753d6
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro
2017-01-27 17:12:46 -05:00
8ce7719a33
remove extra db call cuz i sredundant
2017-01-18 21:12:54 -05:00
2f3ebd80da
Remove zmf, die..die..die
2017-01-16 13:20:05 -08:00
899b1b82b9
Merge branch 'filter_by_runstate' into storageareas
2017-01-14 17:07:20 -05:00
242e5a56d8
rough in the ability to filter on RunState
2017-01-14 16:55:28 -05:00
3074263e06
Merge branch 'control_fixes' into storageareas
2017-01-10 12:54:46 -05:00
55403219d8
fix regexp for direction in control command. Also log if the regexp doesn't match
2017-01-10 12:35:38 -05:00
d8b8d78576
Fix storagearea lookup. Default to ZM_EVENTS_DIR
2017-01-09 16:35:58 -05:00
03fd964518
fix parsing StorageID
2017-01-09 14:59:14 -05:00
b4bddee337
Merge branch 'master' into improve_filter
2017-01-03 08:49:56 -05:00
f6ea52280a
Update Event object to @iconnor's latest which brings us a createListThumbnail function copied from includes/functions
2017-01-02 10:34:15 -05:00
5ae34a7561
Merge branch 'master' into storageareas
2017-01-02 09:39:10 -05:00
0d549f1db3
spelling fixes
2016-12-29 10:31:05 +01:00
254fcbcef7
update gpl 2 mailing address in source files
2016-12-26 09:23:16 -06:00
752f0eb40b
Merge branch 'master' into improve_filter
2016-12-20 11:43:02 -05:00
794043cbe9
On successful login, tell php to regenerate the session id
2016-12-14 15:06:18 -05:00
821f9f8e6e
Merge branch 'fix_sql_injection' into storageareas
2016-12-08 15:58:10 -05:00
b5e4c94682
test for integer string as well
2016-12-08 15:58:00 -05:00
08370b010e
Merge branch 'log_xss_fixes' into storageareas
2016-12-08 15:52:37 -05:00
42fdd1fbe9
Use htmlentities on the error message when dying because the string will be sent to the browser and if it includes scripts they will be run.
2016-12-08 15:52:21 -05:00
ced701f56f
Merge branch 'fix_sql_injection' into storageareas
2016-12-08 14:58:50 -05:00
e7d0861530
check limit for a valid integer and complain if not.
2016-12-08 13:37:23 -05:00
9e5f52a0ae
fix MonitorId is part of event, not frame
2016-11-29 15:25:51 -05:00
be5b4691da
check for isset of SESSION['username'] instead of just assuming it exists
2016-11-22 15:35:07 -05:00
9312eed17f
Merge branch 'master' into disk_space_in_events
2016-11-22 10:58:24 -05:00
6bf921a858
Add thumbnanils to the frames view. Also add a content-disposition header and some url mangling to help browsers give a useful filename when doing Save Image As
2016-11-21 12:28:15 -05:00
bb6b0c2d49
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder into improve_filter
2016-11-17 12:16:49 -05:00
2bd080a6a6
Merge branch 'master' into storageareas
2016-11-15 08:41:00 -05:00
8f71971209
Show error message upon unsuccessful login. Fixes #1648 ( #1680 )
...
* Add additional post-cmake files to .gitignore
* Add bootstrap 3.3.7
* Load bootstrap css
* Restyle login page, move recaptcha js to <head>
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserteed inside the <body>.
* Update doctype to HTML5, add meta tags for mobile browsers
* Move inline Login css to css file
* Remove extra php tag in functions.php
* Show error message upon unsuccessful login. Fixes #1648
* Includes bootstrap glyphicons as they're used in the error message.
* Failure check is done via a simple test in login.js.php and login.js.
The 'view' param will only be set (to 'postlogin') if the login page
has refreshed due to a failed login. Otherwise you're directed to
the console view.
* Only load bootstrap css in specific views.
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
* Test for invalid login via session variable.
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
* Fix a few typos in login inputs
* Add new fonts directory to web CMakeLists
2016-11-14 21:24:43 -05:00
3b7723ee8f
Merge branch 'master' into storageareas
2016-11-11 22:40:00 -05:00
49d8e35e56
Show available PATH_MAP percent on console ( #1675 )
...
* Add PATH_SWAP percent to console
* add changes to console.php
* use ZM_PATH_MAP instead of ZM_PATH_SWAP
* show the folder name PATH_MAP points to
* use a dash as the delimiter instead of fwd slash
2016-11-11 08:47:08 -05:00
95d00f70a3
Test for invalid login via session variable.
...
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
2016-11-10 23:29:12 -07:00
1e233c0ce5
Merge branch 'master' into improve_filter
2016-11-04 15:20:43 -04:00
4defad1352
Merge branch 'add_scale_to_frame_view' into storageareas
2016-10-26 14:04:43 -04:00
d9a31f7fb6
Merge branch 'master' into storageareas
2016-10-26 13:39:31 -04:00
98cde11e86
add a scale element to the frame view. Include some bits from StorageAreas to make it work
2016-10-26 13:34:28 -04:00
cf0e4935f1
cleanups, more debugging
...
Also, when adding a monitor, a user who is restricted to monitors can't create one, add an error essage about it instead of failing silently.
2016-10-21 12:43:23 -04:00
f9ac601194
fix getOutputHelperStream -> getHelperStream
2016-10-21 12:41:37 -04:00
5ee8a1c0a7
deprecate the contents of getImageSrc since it is now in Event.php
2016-10-20 11:52:01 -04:00
fc540786a5
Move login by auth hash out of actions.php and into index.php. Double quotes to single quotes and google code style changes in indx.php
2016-10-20 11:51:42 -04:00
c795dd7568
double quotes to single quotes, remove some includes, slight efficiency gains and better error reporting when the .mp4 doesn't exist.
2016-10-20 11:50:13 -04:00
11cc73f55d
Merge pull request #1651 from connortechnology/fix_disable_monitor
...
Fix logic when disabling a monitor
2016-10-20 05:16:22 +11:00
c78a543e8e
Merge pull request #1475 from connortechnology/htmlselect
...
introduce htmlselect as an alternative to buildselect
2016-10-20 05:05:59 +11:00
de9c5a3bed
add in missing break
2016-10-18 10:20:42 -04:00
Matt N
Isaac Connor
Andrew Bauer
Isaac Connor
Isaac Connor
Joshua Ruehlig
Isaac Connor
Andy Bauer
Andrew Bauer
Isaac Connor
Manojav Sridhar
Kyle Johnson
Isaac Connor
SteveGilvarry
klemens