fe532ac945
make args not required
2017-05-05 17:17:39 -04:00
f66b606e34
use isset
2017-05-05 16:40:05 -04:00
92854f5cba
more debug
2017-05-05 16:37:30 -04:00
1ff367373f
use ZM_AUTH_HASH_SECRET for the key, not the secret
2017-05-05 16:15:34 -04:00
a0e4e6537e
prefer key based tokens over session
2017-05-05 16:11:40 -04:00
0982c9fdec
add Debug lines
2017-05-05 16:00:52 -04:00
1253fb1723
update whitespacing/braces. Add a warning when dbFetchOne is used with a column that isn't in the returned row
2017-04-28 14:17:36 -04:00
088fa0192b
Merge branch 'master' into storageareas
2017-04-25 10:00:14 -04:00
05a141bf78
Update database.php
2017-04-24 23:40:52 -07:00
ef6c675c6a
work in progress, rough in adding the svg zones to montage
2017-04-24 11:11:44 -04:00
3db38eb474
limit points to the limits of the monitor
2017-04-19 16:12:12 -04:00
fbbe748bc8
Restore old behaviour for events that don't have a video
2017-04-19 14:15:32 -04:00
b71d021ae1
Merge branch 'fix_1849' into storageareas
2017-04-18 12:43:04 -04:00
f2920c37e0
escapeshellarg adds quotes, which is bad. Use escapeshellcmd on the whole string instead.
2017-04-18 12:31:20 -04:00
a5e7db0f7c
use faster ffmpeg method to generate frame image
2017-04-13 12:35:14 -04:00
7815f1c539
introduce a redirect flag global variable to allow us to redirect. Which allows to redirect on successful login so we don't get repost popups
2017-04-05 10:05:21 -04:00
d1a60dedc8
Fix the overzealous use of escapeshellcmd that breaks restarting monitors
2017-03-31 11:59:55 -04:00
538658403c
Merge pull request #1822 from knnniggett/csrf
...
Implement CSRF Mitigation
2017-03-30 10:39:55 -04:00
fe223e3b29
remove a warning when adding users when not logged in (could happen if OPT_AUTH isn't turned on yet
2017-03-29 10:38:29 -04:00
3cd9e46df9
Merge branch 'knnniggett-csrf' into storageareas
2017-03-28 20:44:38 -04:00
d006ebfc3c
Merge branch 'csrf' of https://github.com/knnniggett/ZoneMinder into knnniggett-csrf
2017-03-28 20:10:59 -04:00
769af661e9
Merge branch 'fix_x10' into storageareas
2017-03-28 20:05:52 -04:00
589b369109
fix inserting x10 record with missing ,
2017-03-28 20:03:46 -04:00
4e16ae6d19
add ZM_ENABLE_CSRF_MAGIC toggle
2017-03-28 17:29:36 -05:00
8ef7a708bd
updates in filters, try to get the new filter loaded when saving with a new name
2017-03-27 13:12:37 -04:00
8bd34a982d
only use scale if it has a value
2017-03-21 15:30:22 -04:00
670c1a3c7c
pass NULL for ['width']
2017-03-21 09:47:07 -04:00
2dcd95bc7f
Merge pull request #1504 from ZoneMinder/improve_filter
...
Improve filter
2017-03-18 21:12:58 -05:00
d38bae72ae
integrate csrf-magic library
2017-03-18 20:12:06 -05:00
d9c665b021
Merge branch 'fix_crash_with_invalid_zones' into storageareas
2017-03-17 09:35:11 -04:00
7e0ac4b239
Merge pull request #1780 from connortechnology/fix_1775
...
use escapeshellarg on inputs to daemonControl and other functions
2017-03-16 09:27:04 -05:00
4df12ae370
Merge branch 'montage_width_height' of github.com:ConnorTechnology/ZoneMinder into montage_width_height
2017-03-06 17:30:00 -05:00
fdcb93eacc
Merge branch 'master' into storageareas
2017-03-06 16:22:28 -05:00
4fc0aead70
wip
2017-03-01 15:26:40 -05:00
c4caa9a631
convert arguments from an array of strong to a hash and use http_build_query
2017-02-27 21:48:08 -05:00
c3a52272d8
implement changeWidth, changeHeight and alter getStreamHTML to take an array of options
2017-02-27 20:56:14 -05:00
8759e2bdb4
prevent divide by zero, make error messages more descriptive
2017-02-21 13:10:41 -06:00
27ca8d8674
use === operator in getDiskPercent function
2017-02-21 12:33:05 -06:00
186e5ba866
Merge branch 'master' into storageareas
2017-02-21 09:48:00 -05:00
f50c0e2096
fix missing isset check, caused number of Undefined Property warnings
2017-02-18 11:15:43 -05:00
2bf4b5ad1a
use escapeshellarg on inputs to daemonControl and other functions where exec is called
2017-02-15 09:45:25 -05:00
d135216ac7
Merge branch 'master' into storageareas
2017-02-15 09:30:35 -05:00
5804cd2462
Merge pull request #2 from connortechnology/fix_sql_injection
...
Sanitize input parameters
2017-02-04 15:05:54 -07:00
c5906a5d4f
Merge pull request #6 from connortechnology/log_xss_fixes2
...
Log xss fixes2
2017-02-04 16:05:43 -06:00
6b3a53ec0f
Tell PDO to use real prepared statements.
...
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.
See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
2017-02-04 14:59:33 -07:00
568160e5aa
add a scale element to the frame view. Include some bits from StorageAreas to make it work
2017-01-31 11:13:15 -05:00
9fd9c5de20
test for empty and non-existent path
2017-01-30 17:24:41 -05:00
fda115bebe
tell zmc and zma to stop before updating db
2017-01-30 16:37:53 -05:00
41dab0750e
turn whatever gets output into html escaped html so that nothing gets revealed
2017-01-27 21:30:22 -05:00
a8d1450adf
Merge branch 'master' into fix_sql_injection
2017-01-27 17:18:34 -05:00
746a096483
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2017-01-27 15:16:33 -07:00
c1e05753d6
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro
2017-01-27 17:12:46 -05:00
8ce7719a33
remove extra db call cuz i sredundant
2017-01-18 21:12:54 -05:00
2f3ebd80da
Remove zmf, die..die..die
2017-01-16 13:20:05 -08:00
899b1b82b9
Merge branch 'filter_by_runstate' into storageareas
2017-01-14 17:07:20 -05:00
242e5a56d8
rough in the ability to filter on RunState
2017-01-14 16:55:28 -05:00
3074263e06
Merge branch 'control_fixes' into storageareas
2017-01-10 12:54:46 -05:00
55403219d8
fix regexp for direction in control command. Also log if the regexp doesn't match
2017-01-10 12:35:38 -05:00
d8b8d78576
Fix storagearea lookup. Default to ZM_EVENTS_DIR
2017-01-09 16:35:58 -05:00
03fd964518
fix parsing StorageID
2017-01-09 14:59:14 -05:00
b4bddee337
Merge branch 'master' into improve_filter
2017-01-03 08:49:56 -05:00
f6ea52280a
Update Event object to @iconnor's latest which brings us a createListThumbnail function copied from includes/functions
2017-01-02 10:34:15 -05:00
5ae34a7561
Merge branch 'master' into storageareas
2017-01-02 09:39:10 -05:00
0d549f1db3
spelling fixes
2016-12-29 10:31:05 +01:00
254fcbcef7
update gpl 2 mailing address in source files
2016-12-26 09:23:16 -06:00
752f0eb40b
Merge branch 'master' into improve_filter
2016-12-20 11:43:02 -05:00
794043cbe9
On successful login, tell php to regenerate the session id
2016-12-14 15:06:18 -05:00
821f9f8e6e
Merge branch 'fix_sql_injection' into storageareas
2016-12-08 15:58:10 -05:00
b5e4c94682
test for integer string as well
2016-12-08 15:58:00 -05:00
08370b010e
Merge branch 'log_xss_fixes' into storageareas
2016-12-08 15:52:37 -05:00
42fdd1fbe9
Use htmlentities on the error message when dying because the string will be sent to the browser and if it includes scripts they will be run.
2016-12-08 15:52:21 -05:00
ced701f56f
Merge branch 'fix_sql_injection' into storageareas
2016-12-08 14:58:50 -05:00
e7d0861530
check limit for a valid integer and complain if not.
2016-12-08 13:37:23 -05:00
9e5f52a0ae
fix MonitorId is part of event, not frame
2016-11-29 15:25:51 -05:00
be5b4691da
check for isset of SESSION['username'] instead of just assuming it exists
2016-11-22 15:35:07 -05:00
9312eed17f
Merge branch 'master' into disk_space_in_events
2016-11-22 10:58:24 -05:00
6bf921a858
Add thumbnanils to the frames view. Also add a content-disposition header and some url mangling to help browsers give a useful filename when doing Save Image As
2016-11-21 12:28:15 -05:00
bb6b0c2d49
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder into improve_filter
2016-11-17 12:16:49 -05:00
2bd080a6a6
Merge branch 'master' into storageareas
2016-11-15 08:41:00 -05:00
8f71971209
Show error message upon unsuccessful login. Fixes #1648 ( #1680 )
...
* Add additional post-cmake files to .gitignore
* Add bootstrap 3.3.7
* Load bootstrap css
* Restyle login page, move recaptcha js to <head>
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserteed inside the <body>.
* Update doctype to HTML5, add meta tags for mobile browsers
* Move inline Login css to css file
* Remove extra php tag in functions.php
* Show error message upon unsuccessful login. Fixes #1648
* Includes bootstrap glyphicons as they're used in the error message.
* Failure check is done via a simple test in login.js.php and login.js.
The 'view' param will only be set (to 'postlogin') if the login page
has refreshed due to a failed login. Otherwise you're directed to
the console view.
* Only load bootstrap css in specific views.
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
* Test for invalid login via session variable.
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
* Fix a few typos in login inputs
* Add new fonts directory to web CMakeLists
2016-11-14 21:24:43 -05:00
3b7723ee8f
Merge branch 'master' into storageareas
2016-11-11 22:40:00 -05:00
49d8e35e56
Show available PATH_MAP percent on console ( #1675 )
...
* Add PATH_SWAP percent to console
* add changes to console.php
* use ZM_PATH_MAP instead of ZM_PATH_SWAP
* show the folder name PATH_MAP points to
* use a dash as the delimiter instead of fwd slash
2016-11-11 08:47:08 -05:00
95d00f70a3
Test for invalid login via session variable.
...
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
2016-11-10 23:29:12 -07:00
1e233c0ce5
Merge branch 'master' into improve_filter
2016-11-04 15:20:43 -04:00
4defad1352
Merge branch 'add_scale_to_frame_view' into storageareas
2016-10-26 14:04:43 -04:00
d9a31f7fb6
Merge branch 'master' into storageareas
2016-10-26 13:39:31 -04:00
98cde11e86
add a scale element to the frame view. Include some bits from StorageAreas to make it work
2016-10-26 13:34:28 -04:00
cf0e4935f1
cleanups, more debugging
...
Also, when adding a monitor, a user who is restricted to monitors can't create one, add an error essage about it instead of failing silently.
2016-10-21 12:43:23 -04:00
f9ac601194
fix getOutputHelperStream -> getHelperStream
2016-10-21 12:41:37 -04:00
5ee8a1c0a7
deprecate the contents of getImageSrc since it is now in Event.php
2016-10-20 11:52:01 -04:00
fc540786a5
Move login by auth hash out of actions.php and into index.php. Double quotes to single quotes and google code style changes in indx.php
2016-10-20 11:51:42 -04:00
c795dd7568
double quotes to single quotes, remove some includes, slight efficiency gains and better error reporting when the .mp4 doesn't exist.
2016-10-20 11:50:13 -04:00
11cc73f55d
Merge pull request #1651 from connortechnology/fix_disable_monitor
...
Fix logic when disabling a monitor
2016-10-20 05:16:22 +11:00
c78a543e8e
Merge pull request #1475 from connortechnology/htmlselect
...
introduce htmlselect as an alternative to buildselect
2016-10-20 05:05:59 +11:00
de9c5a3bed
add in missing break
2016-10-18 10:20:42 -04:00
aaf8f6c98b
add the missing case for ServerId in Filter processing.
2016-10-18 10:14:19 -04:00
85faa7321c
reorder if logic to handle first page load before AuthHash has ever been set.
2016-10-17 13:12:13 -04:00
c2911ae756
better debug in deletePath
2016-10-12 15:38:59 -04:00
3baa64aa52
add caller info to log when a bad argument is passed to event constructor
2016-10-12 15:38:40 -04:00
0c956d6728
fix logic when disabling a monitor
2016-10-11 12:11:33 -04:00
c02b840274
Fix logic when disabling a monitor
2016-10-11 12:10:47 -04:00
68936b9af9
code style, replace with '
2016-10-03 21:58:57 -04:00
d4be5b06ea
Only generate auth hash when logged in.
2016-10-03 21:22:16 -04:00
f4418260e7
Should only generate an auth hash if we are logged in.
2016-10-03 21:18:13 -04:00
16bee2ef55
only generate auth hash if we are logged in
2016-10-02 14:13:54 -04:00
0ab84abe5b
Since we are returning a hash called user, it should really contain all data for that user.
2016-09-29 10:43:07 -04:00
404bbb79f0
must return the generated hash
2016-09-29 10:11:37 -04:00
8bc7b9562f
introduce config option ZM_AUTH_HASH_TTL which is the # of hours to make an auth hash valid for
2016-09-29 10:04:53 -04:00
303a2c6c5f
re-open session if neccessary to save AuthHashGeneratedAt
2016-09-27 11:56:31 -04:00
db8cada380
fix merge
2016-09-13 15:01:02 -04:00
563f4a9d46
Merge pull request #1505 from ZoneMinder/fix_filter_actions
...
Confirmed check box status is now retained after save and changing filters.
2016-09-11 14:13:51 +10:00
7d48b2c6c5
Merge pull request #1577 from ZoneMinder/fix_zmaControl
...
fix error in calling zmaControl
2016-08-17 08:36:51 -05:00
31cb86046c
Merge pull request #1592 from connortechnology/fix_analysis_frame
...
Fix analysis frame
2016-08-14 10:54:46 -05:00
240336e3ec
silence error when Event has no StorageId set
2016-08-12 15:20:21 -04:00
3dadcc8d32
add ability to pass show=capture or show=analyse to getImageSrc
2016-08-12 15:14:51 -04:00
382896dc0d
Merge pull request #1498 from josh4trunks/mysql_port_socket
...
Add support for MySQL Port / Unix Socket
2016-08-06 09:32:32 -05:00
aa78b403a1
zmaControl can take an id #, so need to move the check for local server test down.
2016-08-02 12:33:41 -04:00
cd43d1fa7a
Rough in Event disk space reporting
2016-07-19 17:34:01 -04:00
a57a3d3186
Merge pull request #1501 from ZoneMinder/fix_zone_edit
...
Fix zone edit
2016-05-31 10:33:31 -05:00
65e33d6c19
synchronize on capitalizing the word Auto. This should fix the losing of the checkboxes when you change a filter
2016-05-27 11:11:30 -04:00
1972c4116b
Merge pull request #1486 from connortechnology/update_image_view
...
Update image view
2016-05-26 09:05:14 -05:00
0d08c50199
change quotes
2016-09-29 12:22:01 -04:00
ab8b58ba48
Merge branch 'fix_auth_timeout' into storageareas
2016-09-29 10:44:30 -04:00
5c867aa5f5
Merge branch 'fix_auth_timeout' into storageareas
2016-09-29 10:10:38 -04:00
07ae6b6aa2
commit authhash to session
2016-09-28 11:49:00 -04:00
9bf48d27b1
implement caching the authhash in the session
2016-09-28 09:08:49 -04:00
1ae23b49bf
generateAuthHash early when session is active, it will get cached in session
2016-09-28 09:08:36 -04:00
e217ca17cd
Merge branch 'fix_auth_timeout' into storageareas
2016-09-27 11:57:53 -04:00
6840031ee3
fix auth timeout and user session[username] when checking auth hash for speedup
2016-09-27 11:51:55 -04:00
d96febd967
when ZM_DIR_EVENTS is relative, append ZM_PATH_WEB
2016-09-21 16:00:23 -04:00
091459004c
ServerId can be 0
2016-09-21 10:30:31 -04:00
fb610ba87d
fix getDiskPercent to take a StorageArea as a param and use it's disk_usage_percent function. When parsing filter, DiskPercent requires a storagearea now, so look for it in the terms
2016-09-20 12:18:20 -04:00
1add270b72
fixup saving Filters and executing them
2016-09-20 12:17:19 -04:00
f06723a178
add disk_usage_percent and fix whitespace
2016-09-20 12:16:49 -04:00
5604fe5610
add more debugging and fix LinkPath -> LinkPath
2016-09-20 12:16:07 -04:00
c95e449bbd
Modifications to getDiskPercent():
...
Moved '%' to this function instead of at end of html in skins/classing/include/functions.php
Changed from SQL query to Storage area object model.
2016-09-17 02:11:07 +10:00
181339a2dd
Nearly forgot its possible to have no "default" storage area, have wrapped the defaults space check in an if()
2016-09-15 19:49:58 +10:00
d5337a08a8
Modify getDiskPercent() to report disk space for all storage areas.
2016-09-15 19:41:16 +10:00
01ae4de123
Modified so deleting a filter is done by table Id instead of Name
2016-09-15 01:59:31 +10:00
0d83fc5be7
Converted filter action to use table Id's instead of filterName's when editing existings and creating new filters.
2016-09-15 01:27:59 +10:00
ffaf046485
fix missing /
2016-08-30 14:51:56 -04:00
27c1f95607
handle when ZM_BASE_PATH == '/'
2016-08-30 14:36:14 -04:00
a28e7d8df8
fix typo
2016-08-30 14:24:51 -04:00
7411b47834
fix typo
2016-08-30 14:23:20 -04:00
6ce18c3628
ZM_BASE_URL is deprecated. Use ZM_BASE_PATH instead
2016-08-30 14:08:52 -04:00
237a4494b2
correct incorrect use of isset instead of array_key_exists
2016-08-30 13:44:57 -04:00
6204ed8dd4
correct incorrect use of isset instead of array_key_exists
2016-08-30 13:43:49 -04:00
944a131142
Merge ../ZoneMinder.master into storageareas
2016-08-22 11:49:50 -04:00
be7683299e
use single quotes instead of double quotes
2016-08-22 11:49:45 -04:00
d6b126fe8c
Add caller and line when an unknown function is called on the Monitor object
2016-08-22 11:28:53 -04:00
Isaac Connor
Isaac Connor
Isaac Connor
Joshua Ruehlig
Isaac Connor
Andy Bauer
Andrew Bauer
Andrew Bauer
Isaac Connor
Manojav Sridhar
Kyle Johnson
Isaac Connor
SteveGilvarry
klemens
bhaal2