Commit Graph

3161 Commits

Author SHA1 Message Date
Andrew Bauer 7e0ac4b239 Merge pull request #1780 from connortechnology/fix_1775
use escapeshellarg on inputs to daemonControl and other functions
2017-03-16 09:27:04 -05:00
Isaac Connor 5bccd92b68 fix scoping of scale var 2017-03-16 09:53:53 -04:00
Isaac Connor 9f99d34807 fix calls to getStreamHTML 2017-03-13 14:22:33 -04:00
Isaac Connor 14c4a156c6 set img.src='' first so that Chrome closes the old stream. 2017-03-06 20:21:12 -05:00
Isaac Connor 4df12ae370 Merge branch 'montage_width_height' of github.com:ConnorTechnology/ZoneMinder into montage_width_height 2017-03-06 17:30:00 -05:00
Isaac Connor d3f7451736 Merge branch 'storageareas' into montage_width_height 2017-03-06 16:56:18 -05:00
Isaac Connor fdcb93eacc Merge branch 'master' into storageareas 2017-03-06 16:22:28 -05:00
Isaac Connor ebafc62b51 Must reopen the session so we can generate an auth hash 2017-03-01 15:27:42 -05:00
Isaac Connor 4fc0aead70 wip 2017-03-01 15:26:40 -05:00
Isaac Connor c4caa9a631 convert arguments from an array of strong to a hash and use http_build_query 2017-02-27 21:48:08 -05:00
Isaac Connor c3a52272d8 implement changeWidth, changeHeight and alter getStreamHTML to take an array of options 2017-02-27 20:56:14 -05:00
Isaac Connor a0dd36d869 add width and height scale dropdowns 2017-02-27 16:40:40 -05:00
Andy Bauer 8759e2bdb4 prevent divide by zero, make error messages more descriptive 2017-02-21 13:10:41 -06:00
Andy Bauer 27ca8d8674 use === operator in getDiskPercent function 2017-02-21 12:33:05 -06:00
Isaac Connor 186e5ba866 Merge branch 'master' into storageareas 2017-02-21 09:48:00 -05:00
Isaac Connor 971c70f540 Merge pull request #1793 from mnoorenberghe/api_debug_default
Reduce the default API debug level
2017-02-20 21:44:48 -05:00
Matthew Noorenberghe df4739826b Reduce the default API debug level 2017-02-18 23:06:53 -08:00
Manojav Sridhar f50c0e2096 fix missing isset check, caused number of Undefined Property warnings 2017-02-18 11:15:43 -05:00
Manojav Sridhar 11b90e6011 fix usage of wrong key 2017-02-17 12:37:58 -05:00
Isaac Connor 980b088d57 google style and add label tags around Scale 2017-02-17 09:19:54 -05:00
Isaac Connor 2bf4b5ad1a use escapeshellarg on inputs to daemonControl and other functions where exec is called 2017-02-15 09:45:25 -05:00
Isaac Connor d135216ac7 Merge branch 'master' into storageareas 2017-02-15 09:30:35 -05:00
Isaac Connor aeedfe8d74 fix some whitespacing 2017-02-14 09:11:54 -05:00
SteveGilvarry b791504598 Wording of help text fixes 2017-02-06 08:01:04 +11:00
SteveGilvarry 9716c4ef89 Add Option help 2017-02-05 18:43:47 +11:00
SteveGilvarry c72704bf0b Change descriptions for ffmpeg methods and put TCP first. 2017-02-05 15:34:06 +11:00
Kyle Johnson 5804cd2462 Merge pull request #2 from connortechnology/fix_sql_injection
Sanitize input parameters
2017-02-04 15:05:54 -07:00
Andrew Bauer c5906a5d4f Merge pull request #6 from connortechnology/log_xss_fixes2
Log xss fixes2
2017-02-04 16:05:43 -06:00
Kyle Johnson 6b3a53ec0f Tell PDO to use real prepared statements.
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.

See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
2017-02-04 14:59:33 -07:00
Isaac Connor e3edbf40cf make url full width 2017-02-02 12:16:40 -05:00
Isaac Connor 7b73eb350f update to current. 2017-02-02 12:15:16 -05:00
Isaac Connor d8c79cb750 fixup header and sidebar layout 2017-02-02 11:31:16 -05:00
Isaac Connor cee05a1bb7 fix merge problem 2017-02-02 09:21:49 -05:00
Isaac Connor 9135da92ed fix typo fileFields => filterFields 2017-01-31 21:33:43 -05:00
Isaac Connor 6f6eacaa72 fixup classic and dark skins 2017-01-30 21:45:48 -05:00
Isaac Connor 89022fff0c Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas 2017-01-30 21:16:26 -05:00
Isaac Connor f3378207c0 make navbar static instead of fixed, sync up dark theme, and improve storage editing styles 2017-01-30 21:16:21 -05:00
Isaac Connor ad2e00166a use isset 2017-01-30 19:53:08 -05:00
Isaac Connor 4543b3e1b1 include jquery-ui instead of using a cdn version 2017-01-30 19:17:14 -05:00
Isaac Connor 19aed3f860 dont check ZM_DIR_EVENTS if it already exists in storageareas 2017-01-30 17:29:15 -05:00
Isaac Connor 9fd9c5de20 test for empty and non-existent path 2017-01-30 17:24:41 -05:00
Isaac Connor fda115bebe tell zmc and zma to stop before updating db 2017-01-30 16:37:53 -05:00
Isaac Connor 3437f23e8a Merge branch 'master' into fix_sql_injection 2017-01-28 14:33:49 -05:00
Isaac Connor 41dab0750e turn whatever gets output into html escaped html so that nothing gets revealed 2017-01-27 21:30:22 -05:00
Isaac Connor a8d1450adf Merge branch 'master' into fix_sql_injection 2017-01-27 17:18:34 -05:00
Kyle Johnson 746a096483 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2017-01-27 15:16:33 -07:00
Isaac Connor c1e05753d6 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro 2017-01-27 17:12:46 -05:00
Isaac Connor 7ab6818fa0 Merge branch 'sanitize_image_path' of https://github.com/knnniggett/ZoneMinder into storageareas_sanitize 2017-01-25 17:14:30 -05:00
Andrew Bauer dbd73690b2 use !== false rather than === true 2017-01-25 09:26:07 -06:00
Andrew Bauer 6189d2670c ZM_DIR_EVENTS can be, and often is, a symlink 2017-01-25 09:05:34 -06:00
Andrew Bauer 8b19fca992 sanitize the image path before processing 2017-01-25 08:30:19 -06:00
Isaac Connor 129acb5b8e only show mark column if you have the Monitor Edit ability 2017-01-24 09:30:56 -05:00
Isaac Connor 5b598fe90d cleanup and use cleaned up monitor_id 2017-01-23 21:51:38 -05:00
Isaac Connor 7cd2f6c69e use glyphicon for sort 2017-01-23 21:51:17 -05:00
Isaac Connor bb3d47ab45 get rid of mapping 2017-01-23 21:34:06 -05:00
Isaac Connor e937b4099b add an ajax file for console to do sorting 2017-01-23 10:13:16 -05:00
Isaac Connor fdd71a826a implement dragndrop sorting 2017-01-23 10:12:57 -05:00
Isaac Connor 35148008b6 make img an inline-block so that it continues having space, even when is a broken link 2017-01-18 21:14:15 -05:00
Isaac Connor 8ce7719a33 remove extra db call cuz i sredundant 2017-01-18 21:12:54 -05:00
Isaac Connor 899b1b82b9 Merge branch 'filter_by_runstate' into storageareas 2017-01-14 17:07:20 -05:00
Isaac Connor 242e5a56d8 rough in the ability to filter on RunState 2017-01-14 16:55:28 -05:00
Isaac Connor 2ce4bad39b fix Event being undefined when called by path 2017-01-13 14:42:10 -05:00
Kyle Johnson 0e7794f2a7 Merge pull request #1 from connortechnology/cookie_http_only
set http_only flag in cookie settings
2017-01-12 09:25:36 -07:00
Isaac Connor 16fdac3179 fix remSocketFile to remSockFile 2017-01-11 11:14:00 -05:00
Isaac Connor 2436e40f5d Merge branch 'master' into storageareas 2017-01-11 10:34:27 -05:00
Andy Bauer 7ef7a36f39 fix conditional logic in controlcap.js 2017-01-10 17:53:05 -06:00
Isaac Connor 3074263e06 Merge branch 'control_fixes' into storageareas 2017-01-10 12:54:46 -05:00
Isaac Connor 55403219d8 fix regexp for direction in control command. Also log if the regexp doesn't match 2017-01-10 12:35:38 -05:00
Isaac Connor fea5fa1b59 fix xtell should be -1 for move left 2017-01-10 12:35:02 -05:00
Isaac Connor d8b8d78576 Fix storagearea lookup. Default to ZM_EVENTS_DIR 2017-01-09 16:35:58 -05:00
Isaac Connor 03fd964518 fix parsing StorageID 2017-01-09 14:59:14 -05:00
Isaac Connor 7ef0c2c9d3 fix deleting filters. We don't need to set fid anymore 2017-01-09 14:58:55 -05:00
Isaac Connor cc724a5542 add a question mark to delete confirmation 2017-01-09 14:53:13 -05:00
Isaac Connor 84183c819c Merge branch 'master' into storageareas 2017-01-03 09:53:09 -05:00
Isaac Connor b4bddee337 Merge branch 'master' into improve_filter 2017-01-03 08:49:56 -05:00
Isaac Connor 0a90dbac9f require Event.php and clean up use of object vs db row array. Use newer way of using views/image.php by passing eid and frameid instead of a path. 2017-01-02 10:35:51 -05:00
Isaac Connor 30674919c4 always include Storage object, because in the end we will be using it everywhere 2017-01-02 10:34:45 -05:00
Isaac Connor f6ea52280a Update Event object to @iconnor's latest which brings us a createListThumbnail function copied from includes/functions 2017-01-02 10:34:15 -05:00
Andrew Bauer b063d8d6aa Merge pull request #1728 from connortechnology/path_zms_message
Path zms message
2017-01-02 08:54:32 -06:00
Isaac Connor 5ae34a7561 Merge branch 'master' into storageareas 2017-01-02 09:39:10 -05:00
Isaac Connor ef71ae248c fix ramSocketFile to remSocketFile 2017-01-02 09:31:26 -05:00
Isaac Connor d97926c478 fix ramSocketFile to remSocketFile 2017-01-02 09:31:06 -05:00
klemens 0d549f1db3 spelling fixes 2016-12-29 10:31:05 +01:00
Andy Bauer 25ab1bee18 more fixed to gpl license text 2016-12-26 10:40:09 -06:00
Andy Bauer 2dda2d9e1e remove unneeded, empty files 2016-12-26 09:49:14 -06:00
Andy Bauer 254fcbcef7 update gpl 2 mailing address in source files 2016-12-26 09:23:16 -06:00
Isaac Connor 0f4b78b180 increase height of bandwidth popup 2016-12-21 10:46:42 -05:00
Isaac Connor f92edc3456 refresh stream url when changing scale 2016-12-21 10:40:47 -05:00
Isaac Connor 02a2fdf58f Merge branch 'remove_emptys' into storageareas 2016-12-20 16:40:42 -05:00
Isaac Connor 38c0cedecc remove the use of empty which on php < 5.5 only supports variables. 2016-12-20 16:37:42 -05:00
Isaac Connor c27d0270dc Merge branch 'knnniggett-zmMemDetach' into storageareas 2016-12-20 15:40:14 -05:00
Isaac Connor 752f0eb40b Merge branch 'master' into improve_filter 2016-12-20 11:43:02 -05:00
Andrew Bauer 68a24040ab Merge pull request #1710 from connortechnology/path_zms_message
replace the old socket_sendto error message with something more useful
2016-12-20 10:30:35 -06:00
Isaac Connor 8b726996f7 FAQ fixes, more text about zms problems in it, and adjust the socket_sendto error message to point to the FAQ entry that is relevant. 2016-12-19 21:36:39 -05:00
Isaac Connor fe3f3d91ce replace the old socket_sendto error message with something more useful so that people stop asking us how to fix it. 2016-12-16 09:12:27 -05:00
Isaac Connor 794043cbe9 On successful login, tell php to regenerate the session id 2016-12-14 15:06:18 -05:00
Isaac Connor ad157cf21c fix tabs 2016-12-14 14:56:54 -05:00
Isaac Connor 69c39f8a23 set http_only flag in cookie settings 2016-12-14 14:39:44 -05:00
Isaac Connor 87e8f91868 Merge branch 'storageareas' of github.com:connortechnology/ZoneMinder into storageareas 2016-12-13 15:06:07 -05:00
Isaac Connor 708f52beda Merge branch 'disk_space_in_events' into storageareas 2016-12-13 13:36:18 -05:00
Isaac Connor a9548d3f6b Add a config entry to turn event disk space on/off 2016-12-13 13:34:56 -05:00
Isaac Connor 30ec67d4c3 Merge branch 'master' into disk_space_in_events 2016-12-13 13:28:32 -05:00
Isaac Connor 821f9f8e6e Merge branch 'fix_sql_injection' into storageareas 2016-12-08 15:58:10 -05:00
Isaac Connor b5e4c94682 test for integer string as well 2016-12-08 15:58:00 -05:00
Isaac Connor 4fa24dcda4 Merge branch 'fix_sql_injection' into storageareas 2016-12-08 15:53:46 -05:00
Isaac Connor 7c84e2417d remove extra ? 2016-12-08 15:53:38 -05:00
Isaac Connor f68c73b4a8 Merge branch 'fix_sql_injection' into storageareas 2016-12-08 15:52:52 -05:00
Isaac Connor 08370b010e Merge branch 'log_xss_fixes' into storageareas 2016-12-08 15:52:37 -05:00
Isaac Connor 42fdd1fbe9 Use htmlentities on the error message when dying because the string will be sent to the browser and if it includes scripts they will be run. 2016-12-08 15:52:21 -05:00
Isaac Connor c8009baf3f fix missing ; and test for integer string in limit 2016-12-08 15:46:42 -05:00
Isaac Connor acbc5bc9e3 Merge branch 'cookie_http_only' into storageareas 2016-12-08 15:20:54 -05:00
Isaac Connor 772792a1b9 remove extra , 2016-12-08 15:20:43 -05:00
Isaac Connor ced701f56f Merge branch 'fix_sql_injection' into storageareas 2016-12-08 14:58:50 -05:00
Isaac Connor 7f2bf04c2f Merge branch 'cookie_http_only' into storageareas 2016-12-08 14:26:13 -05:00
Isaac Connor 20793ee822 set httpOnly to true on cookie creation. This will override whatever is in php.ini 2016-12-08 14:25:29 -05:00
Isaac Connor d600eb0e8b Merge branch 'master' into fix_sql_injection 2016-12-08 13:39:04 -05:00
Isaac Connor e7d0861530 check limit for a valid integer and complain if not. 2016-12-08 13:37:23 -05:00
Isaac Connor 587fd16aa6 Add testing for limit, sortField and all the filters to ensure that they are valid. 2016-12-08 13:31:44 -05:00
Isaac Connor 857b4e8345 Merge branch 'master' into improve_filter 2016-12-06 11:58:41 -05:00
Bernardus Jansen 986567839e
Additional minor changes 2016-12-02 10:08:49 +01:00
Bernardus Jansen e27639f599
Updated dutch translation 2016-12-02 09:49:50 +01:00
Isaac Connor 9e5f52a0ae fix MonitorId is part of event, not frame 2016-11-29 15:25:51 -05:00
Isaac Connor 2adb17ad90 fix type 2016-11-29 15:25:24 -05:00
Isaac Connor c2d6b3d809 fix auth 2016-11-29 15:25:10 -05:00
Isaac Connor f9af1e7129 put authorized check back after including actions.php where it needs to go 2016-11-28 11:34:46 -05:00
Isaac Connor be5b4691da check for isset of SESSION['username'] instead of just assuming it exists 2016-11-22 15:35:07 -05:00
Isaac Connor 9312eed17f Merge branch 'master' into disk_space_in_events 2016-11-22 10:58:24 -05:00
Isaac Connor 02cd3e8cba Merge branch 'master' into small_fixes 2016-11-22 10:52:07 -05:00
Isaac Connor 6bf921a858 Add thumbnanils to the frames view. Also add a content-disposition header and some url mangling to help browsers give a useful filename when doing Save Image As 2016-11-21 12:28:15 -05:00
Isaac Connor 4fe6b6f8b7 set a min width so that small images or fps updates don't cause a reflow 2016-11-21 11:39:31 -05:00
Isaac Connor c360e27b02 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder into storageareas 2016-11-17 13:13:47 -05:00
Isaac Connor bb6b0c2d49 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder into improve_filter 2016-11-17 12:16:49 -05:00
Kyle Johnson 4eb5ff7aff Fix Undefined index: loginFailed. Resolves #1684 2016-11-16 19:42:04 -07:00
Isaac Connor 2bd080a6a6 Merge branch 'master' into storageareas 2016-11-15 08:41:00 -05:00
Isaac Connor 8f71971209 Show error message upon unsuccessful login. Fixes #1648 (#1680)
* Add additional post-cmake files to .gitignore

* Add bootstrap 3.3.7

* Load bootstrap css

* Restyle login page, move recaptcha js to <head>

The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserteed inside the <body>.

* Update doctype to HTML5, add meta tags for mobile browsers

* Move inline Login css to css file

* Remove extra php tag in functions.php

* Show error message upon unsuccessful login.  Fixes #1648

 * Includes bootstrap glyphicons as they're used in the error message.
 * Failure check is done via a simple test in login.js.php and login.js.
   The 'view' param will only be set (to 'postlogin') if the login page
   has refreshed due to a failed login.  Otherwise you're directed to
   the console view.

* Only load bootstrap css in specific views.

Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.

* Test for invalid login via session variable.

The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login

* Fix a few typos in login inputs

* Add new fonts directory to web CMakeLists
2016-11-14 21:24:43 -05:00
Kyle Johnson b0d22aa2a5 Add new fonts directory to web CMakeLists 2016-11-14 19:23:05 -07:00
Isaac Connor 3b7723ee8f Merge branch 'master' into storageareas 2016-11-11 22:40:00 -05:00
Andrew Bauer 49d8e35e56 Show available PATH_MAP percent on console (#1675)
* Add PATH_SWAP percent to console

* add changes to console.php

* use ZM_PATH_MAP instead of ZM_PATH_SWAP

* show the folder name PATH_MAP points to

* use a dash as the delimiter instead of fwd slash
2016-11-11 08:47:08 -05:00
Kyle Johnson 65fe07e7aa Fix a few typos in login inputs 2016-11-10 23:36:28 -07:00
Kyle Johnson 95d00f70a3 Test for invalid login via session variable.
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
2016-11-10 23:29:12 -07:00
Kyle Johnson 3916b02a74 Only load bootstrap css in specific views.
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
2016-11-10 23:07:52 -07:00
Kyle Johnson 0800a69a57 Show error message upon unsuccessful login. Fixes #1648
* Includes bootstrap glyphicons as they're used in the error message.
 * Failure check is done via a simple test in login.js.php and login.js.
   The 'view' param will only be set (to 'postlogin') if the login page
   has refreshed due to a failed login.  Otherwise you're directed to
   the console view.
2016-11-10 22:51:32 -07:00
Kyle Johnson 97fb53e95c Remove extra php tag in functions.php 2016-11-10 21:49:57 -07:00
Kyle Johnson 227b196a2e Move inline Login css to css file 2016-11-10 21:48:42 -07:00
Kyle Johnson 3e3956f45d Update doctype to HTML5, add meta tags for mobile browsers 2016-11-10 21:47:53 -07:00
Kyle Johnson eacf6cd415 Restyle login page, move recaptcha js to <head>
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserteed inside the <body>.
2016-11-10 21:46:55 -07:00
Kyle Johnson 1607ae1210 Load bootstrap css 2016-11-10 21:45:46 -07:00
Kyle Johnson 2c93f61622 Add bootstrap 3.3.7 2016-11-10 21:45:18 -07:00
Andrew Bauer 9f43825b92 prevent the end user from slecting an invalid configuration on the PT… (#1676)
* prevent the end user from slecting an invalid configuration on the PTZ control configuraion "Move" tab

* change to console.php should not be in this pr
2016-11-08 22:10:51 -05:00
Kyle Johnson 8c41781a9f Fix event.stop error in watch.js See #1672 (#1678) 2016-11-08 18:53:06 -05:00