Kyle Johnson
5804cd2462
Merge pull request #2 from connortechnology/fix_sql_injection
...
Sanitize input parameters
2017-02-04 15:05:54 -07:00
Andrew Bauer
c5906a5d4f
Merge pull request #6 from connortechnology/log_xss_fixes2
...
Log xss fixes2
2017-02-04 16:05:43 -06:00
Kyle Johnson
6b3a53ec0f
Tell PDO to use real prepared statements.
...
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.
See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
2017-02-04 14:59:33 -07:00
Isaac Connor
9135da92ed
fix typo fileFields => filterFields
2017-01-31 21:33:43 -05:00
Isaac Connor
7d451e1e41
float the scale control right, add css for other skins
2017-01-31 11:13:16 -05:00
Isaac Connor
4a4f62f0a7
add a scale element to the frame view. Include some bits from StorageAreas to make it work
2017-01-31 11:13:16 -05:00
Isaac Connor
568160e5aa
add a scale element to the frame view. Include some bits from StorageAreas to make it work
2017-01-31 11:13:15 -05:00
Isaac Connor
3437f23e8a
Merge branch 'master' into fix_sql_injection
2017-01-28 14:33:49 -05:00
Isaac Connor
41dab0750e
turn whatever gets output into html escaped html so that nothing gets revealed
2017-01-27 21:30:22 -05:00
Isaac Connor
a8d1450adf
Merge branch 'master' into fix_sql_injection
2017-01-27 17:18:34 -05:00
Kyle Johnson
746a096483
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2017-01-27 15:16:33 -07:00
Isaac Connor
c1e05753d6
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro
2017-01-27 17:12:46 -05:00
Andrew Bauer
dbd73690b2
use !== false rather than === true
2017-01-25 09:26:07 -06:00
Andrew Bauer
6189d2670c
ZM_DIR_EVENTS can be, and often is, a symlink
2017-01-25 09:05:34 -06:00
Andrew Bauer
8b19fca992
sanitize the image path before processing
2017-01-25 08:30:19 -06:00
SteveGilvarry
2f3ebd80da
Remove zmf, die..die..die
2017-01-16 13:20:05 -08:00
Kyle Johnson
0e7794f2a7
Merge pull request #1 from connortechnology/cookie_http_only
...
set http_only flag in cookie settings
2017-01-12 09:25:36 -07:00
Andy Bauer
7ef7a36f39
fix conditional logic in controlcap.js
2017-01-10 17:53:05 -06:00
Isaac Connor
55403219d8
fix regexp for direction in control command. Also log if the regexp doesn't match
2017-01-10 12:35:38 -05:00
Isaac Connor
fea5fa1b59
fix xtell should be -1 for move left
2017-01-10 12:35:02 -05:00
Isaac Connor
b4bddee337
Merge branch 'master' into improve_filter
2017-01-03 08:49:56 -05:00
Isaac Connor
0a90dbac9f
require Event.php and clean up use of object vs db row array. Use newer way of using views/image.php by passing eid and frameid instead of a path.
2017-01-02 10:35:51 -05:00
Isaac Connor
30674919c4
always include Storage object, because in the end we will be using it everywhere
2017-01-02 10:34:45 -05:00
Isaac Connor
f6ea52280a
Update Event object to @iconnor's latest which brings us a createListThumbnail function copied from includes/functions
2017-01-02 10:34:15 -05:00
Andrew Bauer
b063d8d6aa
Merge pull request #1728 from connortechnology/path_zms_message
...
Path zms message
2017-01-02 08:54:32 -06:00
Isaac Connor
ef71ae248c
fix ramSocketFile to remSocketFile
2017-01-02 09:31:26 -05:00
klemens
0d549f1db3
spelling fixes
2016-12-29 10:31:05 +01:00
Andy Bauer
25ab1bee18
more fixed to gpl license text
2016-12-26 10:40:09 -06:00
Andy Bauer
2dda2d9e1e
remove unneeded, empty files
2016-12-26 09:49:14 -06:00
Andy Bauer
254fcbcef7
update gpl 2 mailing address in source files
2016-12-26 09:23:16 -06:00
Isaac Connor
38c0cedecc
remove the use of empty which on php < 5.5 only supports variables.
2016-12-20 16:37:42 -05:00
Isaac Connor
752f0eb40b
Merge branch 'master' into improve_filter
2016-12-20 11:43:02 -05:00
Andrew Bauer
68a24040ab
Merge pull request #1710 from connortechnology/path_zms_message
...
replace the old socket_sendto error message with something more useful
2016-12-20 10:30:35 -06:00
Isaac Connor
8b726996f7
FAQ fixes, more text about zms problems in it, and adjust the socket_sendto error message to point to the FAQ entry that is relevant.
2016-12-19 21:36:39 -05:00
Isaac Connor
fe3f3d91ce
replace the old socket_sendto error message with something more useful so that people stop asking us how to fix it.
2016-12-16 09:12:27 -05:00
Isaac Connor
794043cbe9
On successful login, tell php to regenerate the session id
2016-12-14 15:06:18 -05:00
Isaac Connor
ad157cf21c
fix tabs
2016-12-14 14:56:54 -05:00
Isaac Connor
69c39f8a23
set http_only flag in cookie settings
2016-12-14 14:39:44 -05:00
Isaac Connor
a9548d3f6b
Add a config entry to turn event disk space on/off
2016-12-13 13:34:56 -05:00
Isaac Connor
30ec67d4c3
Merge branch 'master' into disk_space_in_events
2016-12-13 13:28:32 -05:00
Isaac Connor
b5e4c94682
test for integer string as well
2016-12-08 15:58:00 -05:00
Isaac Connor
7c84e2417d
remove extra ?
2016-12-08 15:53:38 -05:00
Isaac Connor
c8009baf3f
fix missing ; and test for integer string in limit
2016-12-08 15:46:42 -05:00
Isaac Connor
d600eb0e8b
Merge branch 'master' into fix_sql_injection
2016-12-08 13:39:04 -05:00
Isaac Connor
e7d0861530
check limit for a valid integer and complain if not.
2016-12-08 13:37:23 -05:00
Isaac Connor
587fd16aa6
Add testing for limit, sortField and all the filters to ensure that they are valid.
2016-12-08 13:31:44 -05:00
Isaac Connor
857b4e8345
Merge branch 'master' into improve_filter
2016-12-06 11:58:41 -05:00
Bernardus Jansen
986567839e
Additional minor changes
2016-12-02 10:08:49 +01:00
Bernardus Jansen
e27639f599
Updated Dutch translation
2016-12-02 09:49:50 +01:00
Isaac Connor
9312eed17f
Merge branch 'master' into disk_space_in_events
2016-11-22 10:58:24 -05:00
Isaac Connor
02cd3e8cba
Merge branch 'master' into small_fixes
2016-11-22 10:52:07 -05:00
Isaac Connor
bb6b0c2d49
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder into improve_filter
2016-11-17 12:16:49 -05:00
Kyle Johnson
4eb5ff7aff
Fix Undefined index: loginFailed. Resolves #1684
2016-11-16 19:42:04 -07:00
Isaac Connor
8f71971209
Show error message upon unsuccessful login. Fixes #1648 ( #1680 )
...
* Add additional post-cmake files to .gitignore
* Add bootstrap 3.3.7
* Load bootstrap css
* Restyle login page, move recaptcha js to <head>
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserted inside the <body>.
* Update doctype to HTML5, add meta tags for mobile browsers
* Move inline Login css to css file
* Remove extra php tag in functions.php
* Show error message upon unsuccessful login. Fixes #1648
* Includes bootstrap glyphicons as they're used in the error message.
* Failure check is done via a simple test in login.js.php and login.js.
The 'view' param will only be set (to 'postlogin') if the login page
has refreshed due to a failed login. Otherwise you're directed to
the console view.
* Only load bootstrap css in specific views.
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
* Test for invalid login via session variable.
The previous method had cases where the error message was displayed
when it shouldn't have been, such as when specifying ?view=login
* Fix a few typos in login inputs
* Add new fonts directory to web CMakeLists
2016-11-14 21:24:43 -05:00
Kyle Johnson
b0d22aa2a5
Add new fonts directory to web CMakeLists
2016-11-14 19:23:05 -07:00
Andrew Bauer
49d8e35e56
Show available PATH_MAP percent on console ( #1675 )
...
* Add PATH_SWAP percent to console
* add changes to console.php
* use ZM_PATH_MAP instead of ZM_PATH_SWAP
* show the folder name PATH_MAP points to
* use a dash as the delimiter instead of fwd slash
2016-11-11 08:47:08 -05:00
Kyle Johnson
65fe07e7aa
Fix a few typos in login inputs
2016-11-10 23:36:28 -07:00
Kyle Johnson
95d00f70a3
Test for invalid login via session variable.
...
The previous method had cases where the error message was displayed
when it shouldn't have been, such as when specifying ?view=login
2016-11-10 23:29:12 -07:00
Kyle Johnson
3916b02a74
Only load bootstrap css in specific views.
...
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
2016-11-10 23:07:52 -07:00
Kyle Johnson
0800a69a57
Show error message upon unsuccessful login. Fixes #1648
...
* Includes bootstrap glyphicons as they're used in the error message.
* Failure check is done via a simple test in login.js.php and login.js.
The 'view' param will only be set (to 'postlogin') if the login page
has refreshed due to a failed login. Otherwise you're directed to
the console view.
2016-11-10 22:51:32 -07:00
Kyle Johnson
97fb53e95c
Remove extra php tag in functions.php
2016-11-10 21:49:57 -07:00
Kyle Johnson
227b196a2e
Move inline Login css to css file
2016-11-10 21:48:42 -07:00
Kyle Johnson
3e3956f45d
Update doctype to HTML5, add meta tags for mobile browsers
2016-11-10 21:47:53 -07:00
Kyle Johnson
eacf6cd415
Restyle login page, move recaptcha js to <head>
...
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserted inside the <body>.
2016-11-10 21:46:55 -07:00
Kyle Johnson
1607ae1210
Load bootstrap css
2016-11-10 21:45:46 -07:00
Kyle Johnson
2c93f61622
Add bootstrap 3.3.7
2016-11-10 21:45:18 -07:00
Andrew Bauer
9f43825b92
prevent the end user from selecting an invalid configuration on the PT… ( #1676 )
...
* prevent the end user from selecting an invalid configuration on the PTZ control configuration "Move" tab
* change to console.php should not be in this pr
2016-11-08 22:10:51 -05:00
Kyle Johnson
8c41781a9f
Fix event.stop error in watch.js See #1672 ( #1678 )
2016-11-08 18:53:06 -05:00
Kyle Johnson
735d2df3c9
event is redefined before being passed to deleteEvent. Fixes #1671
2016-11-04 23:23:40 -06:00
Isaac Connor
1e233c0ce5
Merge branch 'master' into improve_filter
2016-11-04 15:20:43 -04:00
Kyle Johnson
bd47439056
Merge pull request #1639 from connortechnology/cookie_scale
...
store the scale value for watch and event views in a cookie, differen…
2016-11-03 12:35:15 -06:00
Isaac Connor
099cca210b
fix monitorId to MonitorId
2016-11-03 14:34:17 -04:00
Steve Gilvarry
d504043a9e
Update ru_ru.php
...
Remote extra line
2016-11-01 00:32:46 +11:00
Isaac Connor
a7c1231b46
fix WatchScale -> EventScale
2016-10-26 14:53:24 -04:00
Steve Gilvarry
0409ae5582
Merge pull request #1652 from connortechnology/fix_popup
...
handle when window.open fails
2016-10-20 05:17:44 +11:00
Steve Gilvarry
11cc73f55d
Merge pull request #1651 from connortechnology/fix_disable_monitor
...
Fix logic when disabling a monitor
2016-10-20 05:16:22 +11:00
Steve Gilvarry
c78a543e8e
Merge pull request #1475 from connortechnology/htmlselect
...
introduce htmlselect as an alternative to buildselect
2016-10-20 05:05:59 +11:00
Pliable Pixels
192d0dbb45
added TimeZone get API
2016-10-18 14:07:31 -04:00
Isaac Connor
aaf8f6c98b
add the missing case for ServerId in Filter processing.
2016-10-18 10:14:19 -04:00
Isaac Connor
b385ba7bf4
Merge branch 'master' into improve_filter
2016-10-18 09:59:45 -04:00
Isaac Connor
7c8b99af23
fix bracket problems
2016-10-11 12:43:13 -04:00
Isaac Connor
c02b840274
Fix logic when disabling a monitor
2016-10-11 12:10:47 -04:00
Isaac Connor
ded1e0ea73
handle when window.open fails
2016-10-11 11:48:29 -04:00
Jeff Vogt
3801d9e43e
Disabled autocorrect, autocapitalize, spellcheck on username field for login form
2016-10-10 11:27:36 -07:00
Andrew Bauer
7b574e0d41
Merge pull request #1645 from connortechnology/fix_onvif
...
Fix onvif
2016-10-04 16:34:58 -05:00
Isaac Connor
ac24865647
add NoDetectProfiles instead of reusing NoDetectedCameras
2016-10-04 14:33:51 -04:00
Isaac Connor
6814bcc791
add NoDetectProfiles instead of reusing NoDetectedCameras
2016-10-04 14:33:38 -04:00
Isaac Connor
09c5e3012a
username and password don't actually have to be specified
2016-10-04 14:09:32 -04:00
Isaac Connor
21a94a6200
better error message
2016-10-04 10:29:37 -04:00
Isaac Connor
6c3a3d3d50
store the scale value for watch and event views in a cookie, differentiated by monitorId.
2016-09-27 09:46:04 -04:00
Pliable Pixels
92d7cad5f1
enabled utf8
2016-09-21 11:53:34 -04:00
Isaac Connor
5f46b8f942
Merge pull request #1621 from connortechnology/fix_1620
...
ptzControl expects a monitor object instead of a dbrow array.
2016-09-15 10:18:26 -04:00
Isaac Connor
db8cada380
fix merge
2016-09-13 15:01:02 -04:00
Isaac Connor
54db9f2e3a
ptzControl expects a monitor object instead of a dbrow array.
2016-09-12 21:36:03 -04:00
Steve Gilvarry
563f4a9d46
Merge pull request #1505 from ZoneMinder/fix_filter_actions
...
Confirmed check box status is now retained after save and changing filters.
2016-09-11 14:13:51 +10:00
Andrew Bauer
e35ef3ce83
Merge pull request #1617 from coracis/master
...
Update German translation
2016-09-09 08:55:19 -05:00
Andrew Bauer
321deb5506
Merge pull request #1599 from sabbath88/master
...
add some more translation
2016-09-09 08:40:05 -05:00
corax
070051d06a
Merge commit '6fab2e97b1f45115107c4f5138424408f42dc3e9'
...
For easy pull-requesting
2016-09-09 14:20:03 +02:00
corax
6fab2e97b1
Update German translation of Buffer
2016-09-09 13:32:20 +02:00
corax
b10c79b4f7
Add translation for 'Montage Review'
2016-09-09 13:26:19 +02:00