ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6,659 Commits 20 Branches 69 Tags 131 MiB
Commit Graph

216 Commits

Author SHA1 Message Date
Andrew Bauer 06009f3b16 Merge pull request #1661 from connortechnology/add_scale_to_frame_view 
Add scale to frame view
 2017-05-10 07:56:36 -05:00
Andrew Bauer e6c60737e9 Merge pull request #1756 from SteveGilvarry/zmf_goodbye 
Remove zmf
 2017-05-10 07:07:22 -05:00
Joshua Ruehlig 05a141bf78 Update database.php 2017-04-24 23:40:52 -07:00
Isaac Connor f2920c37e0 escapeshellarg adds quotes, which is bad. Use escapeshellcmd on the whole string instead. 2017-04-18 12:31:20 -04:00
Isaac Connor 538658403c Merge pull request #1822 from knnniggett/csrf 
Implement CSRF Mitigation
 2017-03-30 10:39:55 -04:00
Isaac Connor 589b369109 fix inserting x10 record with missing , 2017-03-28 20:03:46 -04:00
Andy Bauer 4e16ae6d19 add ZM_ENABLE_CSRF_MAGIC toggle 2017-03-28 17:29:36 -05:00
Andrew Bauer 2dcd95bc7f Merge pull request #1504 from ZoneMinder/improve_filter 
Improve filter
 2017-03-18 21:12:58 -05:00
Andrew Bauer d38bae72ae integrate csrf-magic library 2017-03-18 20:12:06 -05:00
Andrew Bauer 7e0ac4b239 Merge pull request #1780 from connortechnology/fix_1775 
use escapeshellarg on inputs to daemonControl and other functions
 2017-03-16 09:27:04 -05:00
Andy Bauer 8759e2bdb4 prevent divide by zero, make error messages more descriptive 2017-02-21 13:10:41 -06:00
Andy Bauer 27ca8d8674 use === operator in getDiskPercent function 2017-02-21 12:33:05 -06:00
Manojav Sridhar f50c0e2096 fix missing isset check, caused number of Undefined Property warnings 2017-02-18 11:15:43 -05:00
Isaac Connor 2bf4b5ad1a use escapeshellarg on inputs to daemonControl and other functions where exec is called 2017-02-15 09:45:25 -05:00
Kyle Johnson 5804cd2462 Merge pull request #2 from connortechnology/fix_sql_injection 
Sanitize input parameters
 2017-02-04 15:05:54 -07:00
Andrew Bauer c5906a5d4f Merge pull request #6 from connortechnology/log_xss_fixes2 
Log xss fixes2
 2017-02-04 16:05:43 -06:00
Kyle Johnson 6b3a53ec0f Tell PDO to use real prepared statements. 
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.

See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
 2017-02-04 14:59:33 -07:00
Isaac Connor 568160e5aa add a scale element to the frame view. Include some bits from StorageAreas to make it work 2017-01-31 11:13:15 -05:00
Isaac Connor 41dab0750e turn whatever gets output into html escaped html so that nothing gets revealed 2017-01-27 21:30:22 -05:00
Isaac Connor a8d1450adf Merge branch 'master' into fix_sql_injection 2017-01-27 17:18:34 -05:00
Kyle Johnson 746a096483 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2017-01-27 15:16:33 -07:00
Isaac Connor c1e05753d6 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro 2017-01-27 17:12:46 -05:00
SteveGilvarry 2f3ebd80da Remove zmf, die..die..die 2017-01-16 13:20:05 -08:00
Isaac Connor 55403219d8 fix regexp for direction in control command. Also log if the regexp doesn't match 2017-01-10 12:35:38 -05:00
Isaac Connor b4bddee337 Merge branch 'master' into improve_filter 2017-01-03 08:49:56 -05:00
Isaac Connor f6ea52280a Update Event object to @iconnor's latest which brings us a createListThumbnail function copied from includes/functions 2017-01-02 10:34:15 -05:00
klemens 0d549f1db3 spelling fixes 2016-12-29 10:31:05 +01:00
Andy Bauer 254fcbcef7 update gpl 2 mailing address in source files 2016-12-26 09:23:16 -06:00
Isaac Connor 752f0eb40b Merge branch 'master' into improve_filter 2016-12-20 11:43:02 -05:00
Isaac Connor 794043cbe9 On successful login, tell php to regenerate the session id 2016-12-14 15:06:18 -05:00
Isaac Connor b5e4c94682 test for integer string as well 2016-12-08 15:58:00 -05:00
Isaac Connor e7d0861530 check limit for a valid integer and complain if not. 2016-12-08 13:37:23 -05:00
Isaac Connor 9312eed17f Merge branch 'master' into disk_space_in_events 2016-11-22 10:58:24 -05:00
Isaac Connor bb6b0c2d49 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder into improve_filter 2016-11-17 12:16:49 -05:00
Isaac Connor 8f71971209 Show error message upon unsuccessful login. Fixes #1648 (#1680) 
* Add additional post-cmake files to .gitignore

* Add bootstrap 3.3.7

* Load bootstrap css

* Restyle login page, move recaptcha js to <head>

The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserteed inside the <body>.

* Update doctype to HTML5, add meta tags for mobile browsers

* Move inline Login css to css file

* Remove extra php tag in functions.php

* Show error message upon unsuccessful login.  Fixes #1648

 * Includes bootstrap glyphicons as they're used in the error message.
 * Failure check is done via a simple test in login.js.php and login.js.
   The 'view' param will only be set (to 'postlogin') if the login page
   has refreshed due to a failed login.  Otherwise you're directed to
   the console view.

* Only load bootstrap css in specific views.

Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.

* Test for invalid login via session variable.

The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login

* Fix a few typos in login inputs

* Add new fonts directory to web CMakeLists
 2016-11-14 21:24:43 -05:00
Andrew Bauer 49d8e35e56 Show available PATH_MAP percent on console (#1675) 
* Add PATH_SWAP percent to console

* add changes to console.php

* use ZM_PATH_MAP instead of ZM_PATH_SWAP

* show the folder name PATH_MAP points to

* use a dash as the delimiter instead of fwd slash
 2016-11-11 08:47:08 -05:00
Kyle Johnson 95d00f70a3 Test for invalid login via session variable. 
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
 2016-11-10 23:29:12 -07:00
Isaac Connor 1e233c0ce5 Merge branch 'master' into improve_filter 2016-11-04 15:20:43 -04:00
Steve Gilvarry 11cc73f55d Merge pull request #1651 from connortechnology/fix_disable_monitor 
Fix logic when disabling a monitor
 2016-10-20 05:16:22 +11:00
Steve Gilvarry c78a543e8e Merge pull request #1475 from connortechnology/htmlselect 
introduce htmlselect as an alternative to buildselect
 2016-10-20 05:05:59 +11:00
Isaac Connor aaf8f6c98b add the missing case for ServerId in Filter processing. 2016-10-18 10:14:19 -04:00
Isaac Connor c02b840274 Fix logic when disabling a monitor 2016-10-11 12:10:47 -04:00
Isaac Connor db8cada380 fix merge 2016-09-13 15:01:02 -04:00
Steve Gilvarry 563f4a9d46 Merge pull request #1505 from ZoneMinder/fix_filter_actions 
Confirmed check box status is now retained after save and changing filters.
 2016-09-11 14:13:51 +10:00
Andrew Bauer 7d48b2c6c5 Merge pull request #1577 from ZoneMinder/fix_zmaControl 
fix error in calling zmaControl
 2016-08-17 08:36:51 -05:00
Andrew Bauer 31cb86046c Merge pull request #1592 from connortechnology/fix_analysis_frame 
Fix analysis frame
 2016-08-14 10:54:46 -05:00
Isaac Connor 240336e3ec silence error when Event has no StorageId set 2016-08-12 15:20:21 -04:00
Isaac Connor 3dadcc8d32 add ability to pass show=capture or show=analyse to getImageSrc 2016-08-12 15:14:51 -04:00
Andrew Bauer 382896dc0d Merge pull request #1498 from josh4trunks/mysql_port_socket 
Add support for MySQL Port / Unix Socket
 2016-08-06 09:32:32 -05:00
Isaac Connor aa78b403a1 zmaControl can take an id #, so need to move the check for local server test down. 2016-08-02 12:33:41 -04:00