b3fb934fb5
add namespace to Logging calls
2019-04-29 14:16:55 -04:00
1a1c2db15f
add the shutdown view and actions
2019-04-12 14:55:56 -04:00
780f4f9b9a
Merge branch 'master' of github.com:zoneminder/ZoneMinder
2019-04-06 09:27:44 -04:00
381f526d66
spacing
2019-04-05 15:18:20 -04:00
8f3d1f8653
fix a missing = and use csrf_get_tokens instead of csrf_get_secret which is the wrong function
2019-04-02 15:25:14 -04:00
9e96c29620
Log a failed csrf check
2019-04-02 15:24:47 -04:00
8a90176a2c
Add CanReboot to Controls
2019-04-02 09:25:50 -04:00
15fb546e15
spacing
2019-04-01 11:13:35 -04:00
49e3f0a68e
eslint fixes
2019-03-28 09:43:31 -04:00
4eafc52955
spacing
2019-03-25 12:18:01 -04:00
8d07a4a08f
Log useful error messages when can't mkdir the monitor events dir or the symlink to it. symlink is a warning because the symlink is just a user aid
2019-03-25 11:58:04 -04:00
bd5c9b5b20
add Control to ZM namespace
2019-03-24 09:58:50 -04:00
8f28ba0be3
beter debug and less often when no terms in parseFilter
2019-03-22 17:28:12 -04:00
6d4d353209
fix namespace on MontageLayout
2019-03-22 17:27:58 -04:00
7f7acc18ee
spacing and code doc
2019-03-21 14:14:30 -04:00
f434042c52
fix spacing
2019-03-21 14:14:15 -04:00
6efeab5f8d
improve readability of parseFilter
2019-03-20 14:26:48 -04:00
3f9564c10a
Merge branch 'master' into storageareas
2019-03-19 10:37:35 -04:00
72b87a7c00
Add code to be a bit more careful about not deleting all events when an incomplete event object is used.
2019-03-19 09:36:58 -04:00
520c41da23
Merge ../ZoneMinder.connortechnology.bad into storageareas
2019-03-18 14:40:03 -04:00
3c31dd63ce
Use zm_session_start() for API auth. Fixes #2547
2019-03-11 00:27:46 -07:00
6c8eac1ac8
Merge branch 'storageareas' into h265
2019-03-06 11:10:01 -05:00
fa124eb29a
Merge branch 'master' of github.com:zoneminder/ZoneMinder
2019-03-05 14:35:15 -05:00
0022dbfb76
add a newline to improve readability
2019-03-05 14:31:39 -05:00
e59eb510e3
update and fix the donate popup
2019-03-05 13:10:04 -05:00
73ae3f49ed
Merge branch 'master' into storageareas
2019-03-05 11:35:55 -05:00
7779edb485
Fix saving multiple monitors at once by moving the relevant code to includes/actions/monitors.php
2019-03-05 11:02:37 -05:00
49a1954f96
fix typo and remove deprecated DefaultView
2019-03-05 11:01:39 -05:00
8b29c5f54c
Fix typo: Ineterval to Interval
2019-03-05 10:58:23 -05:00
f446e73ff7
Typo: AnalysisUpdateDelete to AnalysisUpdateDelay
2019-03-05 10:55:27 -05:00
778707c8df
Merge branch 'master' into storageareas
2019-03-04 14:33:28 -05:00
96e29c0299
fix up remaining issues with cycle updates
2019-03-04 13:35:40 -05:00
190142b24c
Merge branch 'master' into storageareas
2019-03-01 17:47:07 -05:00
7703661cb1
Don't use streaming port in UrlToIndex because xmlHttpRequest won't send cookies to a different port
2019-03-01 17:25:17 -05:00
466c379e94
Merge branch 'master' into storageareas
2019-03-01 14:03:49 -05:00
675b4975b0
Fix control presets
2019-03-01 13:37:34 -05:00
20fe502ca4
Add ZM to ErrorHandler. Spacing and quotes
2019-02-27 12:02:40 -05:00
af9c87a112
Merge branch 'master' into storageareas
2019-02-27 10:53:19 -05:00
6e4444099b
Only populate session with user info on successful login. Use parameters in sql when loading users in getAuthUser. Fixes #2542
2019-02-27 09:57:50 -05:00
c0ae7820bb
add zmeventnotification to Server object
2019-02-27 09:28:36 -05:00
df3e11d83c
Fix authentication in api because we no longer store the user object in the session
2019-02-26 17:01:45 -05:00
a00e2381b7
Merge branch 'master' into storageareas
2019-02-26 11:33:29 -05:00
92dc7878de
Fix 2340 ( #2368 )
...
* include includes/functions.php so that we have access to all it's contents
* add a beforeDelete function which deletes the files. Add other needed functions like Path() LinkPath() etc.
* add require_once for Storage and functions because we use them in Event
* Now that ZM has namespaces use the ZM Event class to do the heavy lifting of delete
* Don't need functions in AppController anymore
2019-02-26 11:28:56 -05:00
5da51d51bc
Merge branch 'master' into storageareas
2019-02-26 10:55:51 -05:00
53c0fae688
Merge fix from storageareas for archive/delete in events list
2019-02-26 10:22:58 -05:00
2187dea2aa
add namespace to Warnings
2019-02-25 15:11:08 -05:00
46c6735311
Missing namespace on filter. Fixes #2541
2019-02-24 10:02:49 -05:00
fd310c0f0a
Merge branch 'master' into storageareas
2019-02-22 11:33:47 -05:00
2b90bf15a6
Improve session ( #2487 )
...
* Introduce ZM_COOKIE_LIFETIME which sets the life of the SESSION cookie, instead of using what is in php.ini
* Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout.
* Move session code to includes/session.php
* remove duplicate line
* Move is_session_open to session.php. Move code to clear a session into session.php
* improve debug line when there is a problem updating config entry
* split description into description and help text for COOKIE_LIFETIME
* Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console
* If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request.
* Use session_regenerate_id instead of our broken code to do the same
* Move auth code to includes/auth.php
* add autocomplete tags to username and password inputs
* Don't redirect to login if we are already viewing login. Put auth before including skin includes
* need to include session.php in auth.php
* update to php namespace
2019-02-22 09:43:38 -05:00
410cb70ddb
get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again. ( #2534 )
2019-02-22 09:20:54 -05:00
8dd8888975
Php namespace ( #2537 )
...
* experiment with namespaces on the Server class
* experiment with namespaces on the Server class
* Implement the ZM namespace on objects
* Implement the ZM namespace on objects
* Implement the ZM namespace on objects
2019-02-22 09:19:07 -05:00
8837015239
remove bogus test for Filter Id
2019-02-19 13:54:25 -05:00
6d1541a4d2
Merge branch 'fix_privacy_view' into storageareas
2019-02-19 12:57:01 -05:00
97a888c0db
get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again.
2019-02-19 12:54:12 -05:00
5029d7214a
Merge branch 'master' into storageareas
2019-02-18 17:00:45 -05:00
b646284da3
don't quote dbEscape values it will quote it already ( #2529 )
2019-02-17 11:31:28 -05:00
b25770a2f0
Merge branch 'master' into storageareas
2019-02-13 11:52:31 -05:00
d0745da11c
fix path to Control.php
2019-02-13 11:52:16 -05:00
dd641793a2
Merge branch 'improve_session' into storageareas
2019-02-13 11:17:30 -05:00
91a280e56e
need to include session.php in auth.php
2019-02-13 11:17:15 -05:00
a3374aa26c
Merge branch 'reload_zmfilter_on_filter_save' into storageareas
2019-02-11 13:26:53 -05:00
5695be9f32
rough in a control function in Filter object. Use it to start/stop zmfilter processes when filters are deleted or Saved.
2019-02-11 13:21:00 -05:00
cdbd59f054
bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493
2019-02-10 13:22:08 -08:00
555cb4780d
Merge branch 'master' into storageareas
2019-02-10 12:37:45 -05:00
a6ee79f428
Fix typo in dbc1c7b72f comment
2019-02-09 22:40:39 -08:00
dbc1c7b72f
Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469
2019-02-09 22:39:54 -08:00
a97711de89
Replace or sanitize remaining uses of PHP_SELF. Fixes #2446
2019-02-09 22:12:36 -08:00
effd609ff7
Escape output of state names. Fixes #2475
2019-02-09 20:40:08 -08:00
c9d597dced
logger.php: Don't output Panic messages unless debugging is on. Fixes #2460
2019-02-09 18:51:30 -08:00
6d2f3c265f
events.php: Remove inline event handlers and enforce CSP
2019-02-09 17:34:59 -08:00
fcbc22b6a2
functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456
2019-02-09 17:27:47 -08:00
502f53fad0
functions.php: Fix SQLi in getFormChanges
2019-02-09 17:15:02 -08:00
254b7286b4
monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451
2019-02-09 16:41:54 -08:00
b2a97ee190
frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
...
Fixes #2448 , fixes #2449 , and fixes #2447 .
2019-02-09 15:10:45 -08:00
c8066919ff
functions.php: Esacepe textContent in htmlOptions()
2019-02-09 14:14:46 -08:00
98e0a0d2c5
Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459
2019-02-09 02:18:57 -08:00
02f09aad7f
view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443
2019-02-09 02:01:26 -08:00
0b38e72f88
view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441
2019-02-09 01:16:32 -08:00
d33e094526
Merge branch 'master' into storageareas
2019-02-06 17:03:41 -05:00
8e62c93f5f
add to_json function to Storage.
2019-02-06 11:44:36 -05:00
d121ecab75
Merge branch 'improve_session' into storageareas
2019-02-05 15:48:42 -05:00
141f2afc8c
Merge branch 'master' into storageareas
2019-02-05 15:46:58 -05:00
21702dcc68
Merge branch 'master' into improve_session
2019-02-05 12:35:29 -05:00
c54fe7e89a
fix state actions
2019-02-05 12:35:06 -05:00
cb0d9325e6
Use session_regenerate_id instead of our broken code to do the same
2019-02-05 11:45:09 -05:00
2466d765bf
If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request.
2019-02-05 11:44:45 -05:00
5a9083fe86
Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console
2019-02-05 11:40:58 -05:00
97e3a8178a
use session_regenerate_id instead of other strange code
2019-01-30 16:08:09 -05:00
b09a71d0e2
code style
2019-01-30 16:06:16 -05:00
71f961d012
remove redirect to console on login, as it is done in javascript after Logging in message is displayed
2019-01-30 16:05:51 -05:00
4e10e6f0ae
Merge branch 'improve_session' into storageareas
2019-01-30 15:26:37 -05:00
9a3aa49bae
Merge branch 'fix_bandwidth' into storageareas
2019-01-30 15:18:16 -05:00
533d021dea
Merge branch 'master' into storageareas
2019-01-30 15:17:27 -05:00
604dbf8776
fix state changing/etc
2019-01-30 14:36:46 -05:00
2e2404643f
Fix bandwidth due to new actions code. Update buttons on bandwidth popup
2019-01-30 13:20:24 -05:00
cc0b5e0f1f
Move is_session_open to session.php. Move code to clear a session into session.php
2019-01-30 12:52:01 -05:00
0eba430932
remove duplicate line
2019-01-30 11:05:43 -05:00
85bb70df68
Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout.
2019-01-30 11:05:19 -05:00
8c5687ca30
Fix name/protocol XSS in controlcaps.php. Fixes #2445 ( #2479 )
2019-01-25 08:35:07 -05:00
fd6179d7c8
Enforce CSP on many more views ( #2480 )
2019-01-25 08:34:29 -05:00
Isaac Connor
Isaac Connor
Isaac Connor
Matthew Noorenberghe
Mitch Capper