Isaac Connor
2bf4b5ad1a
use escapeshellarg on inputs to daemonControl and other functions where exec is called
2017-02-15 09:45:25 -05:00
SteveGilvarry
b791504598
Wording of help text fixes
2017-02-06 08:01:04 +11:00
SteveGilvarry
9716c4ef89
Add Option help
2017-02-05 18:43:47 +11:00
SteveGilvarry
c72704bf0b
Change descriptions for ffmpeg methods and put TCP first.
2017-02-05 15:34:06 +11:00
Kyle Johnson
5804cd2462
Merge pull request #2 from connortechnology/fix_sql_injection
...
Sanitize input parameters
2017-02-04 15:05:54 -07:00
Andrew Bauer
c5906a5d4f
Merge pull request #6 from connortechnology/log_xss_fixes2
...
Log xss fixes2
2017-02-04 16:05:43 -06:00
Kyle Johnson
6b3a53ec0f
Tell PDO to use real prepared statements.
...
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.
See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
2017-02-04 14:59:33 -07:00
Isaac Connor
9135da92ed
fix typo fileFields => filterFields
2017-01-31 21:33:43 -05:00
Isaac Connor
7d451e1e41
float the scale control right, add css for other skins
2017-01-31 11:13:16 -05:00
Isaac Connor
4a4f62f0a7
add a scale element to the frame view. Include some bits from StorageAreas to make it work
2017-01-31 11:13:16 -05:00
Isaac Connor
568160e5aa
add a scale element to the frame view. Include some bits from StorageAreas to make it work
2017-01-31 11:13:15 -05:00
Isaac Connor
3437f23e8a
Merge branch 'master' into fix_sql_injection
2017-01-28 14:33:49 -05:00
Isaac Connor
41dab0750e
turn whatever gets output into html escaped html so that nothing gets revealed
2017-01-27 21:30:22 -05:00
Isaac Connor
a8d1450adf
Merge branch 'master' into fix_sql_injection
2017-01-27 17:18:34 -05:00
Kyle Johnson
746a096483
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2017-01-27 15:16:33 -07:00
Isaac Connor
c1e05753d6
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro
2017-01-27 17:12:46 -05:00
Andrew Bauer
dbd73690b2
use !== false rather than === true
2017-01-25 09:26:07 -06:00
Andrew Bauer
6189d2670c
ZM_DIR_EVENTS can be, and often is, a symlink
2017-01-25 09:05:34 -06:00
Andrew Bauer
8b19fca992
sanitize the image path before processing
2017-01-25 08:30:19 -06:00
SteveGilvarry
2f3ebd80da
Remove zmf, die..die..die
2017-01-16 13:20:05 -08:00
Kyle Johnson
0e7794f2a7
Merge pull request #1 from connortechnology/cookie_http_only
...
set http_only flag in cookie settings
2017-01-12 09:25:36 -07:00
Andy Bauer
7ef7a36f39
fix conditional logic in controlcap.js
2017-01-10 17:53:05 -06:00
Isaac Connor
55403219d8
fix regexp for direction in control command. Also log if the regexp doesn't match
2017-01-10 12:35:38 -05:00
Isaac Connor
fea5fa1b59
fix xtell should be -1 for move left
2017-01-10 12:35:02 -05:00
Isaac Connor
b4bddee337
Merge branch 'master' into improve_filter
2017-01-03 08:49:56 -05:00
Isaac Connor
0a90dbac9f
require Event.php and clean up use of object vs db row array. Use newer way of using views/image.php by passing eid and frameid instead of a path.
2017-01-02 10:35:51 -05:00
Isaac Connor
30674919c4
always include Storage object, because in the end we will be using it everywhere
2017-01-02 10:34:45 -05:00
Isaac Connor
f6ea52280a
Update Event object to @iconnor's latest which brings us a createListThumbnail function copied from includes/functions
2017-01-02 10:34:15 -05:00
Andrew Bauer
b063d8d6aa
Merge pull request #1728 from connortechnology/path_zms_message
...
Path zms message
2017-01-02 08:54:32 -06:00
Isaac Connor
ef71ae248c
fix ramSocketFile to remSocketFile
2017-01-02 09:31:26 -05:00
klemens
0d549f1db3
spelling fixes
2016-12-29 10:31:05 +01:00
Andy Bauer
25ab1bee18
more fixed to gpl license text
2016-12-26 10:40:09 -06:00
Andy Bauer
2dda2d9e1e
remove unneeded, empty files
2016-12-26 09:49:14 -06:00
Andy Bauer
254fcbcef7
update gpl 2 mailing address in source files
2016-12-26 09:23:16 -06:00
Isaac Connor
38c0cedecc
remove the use of empty which on php < 5.5 only supports variables.
2016-12-20 16:37:42 -05:00
Isaac Connor
752f0eb40b
Merge branch 'master' into improve_filter
2016-12-20 11:43:02 -05:00
Andrew Bauer
68a24040ab
Merge pull request #1710 from connortechnology/path_zms_message
...
replace the old socket_sendto error message with something more useful
2016-12-20 10:30:35 -06:00
Isaac Connor
8b726996f7
FAQ fixes, more text about zms problems in it, and adjust the socket_sendto error message to point to the FAQ entry that is relevant.
2016-12-19 21:36:39 -05:00
Isaac Connor
fe3f3d91ce
replace the old socket_sendto error message with something more useful so that people stop asking us how to fix it.
2016-12-16 09:12:27 -05:00
Isaac Connor
794043cbe9
On successful login, tell php to regenerate the session id
2016-12-14 15:06:18 -05:00
Isaac Connor
ad157cf21c
fix tabs
2016-12-14 14:56:54 -05:00
Isaac Connor
69c39f8a23
set http_only flag in cookie settings
2016-12-14 14:39:44 -05:00
Isaac Connor
a9548d3f6b
Add a config entry to turn event disk space on/off
2016-12-13 13:34:56 -05:00
Isaac Connor
30ec67d4c3
Merge branch 'master' into disk_space_in_events
2016-12-13 13:28:32 -05:00
Isaac Connor
b5e4c94682
test for integer string as well
2016-12-08 15:58:00 -05:00
Isaac Connor
7c84e2417d
remove extra ?
2016-12-08 15:53:38 -05:00
Isaac Connor
c8009baf3f
fix missing ; and test for integer string in limit
2016-12-08 15:46:42 -05:00
Isaac Connor
d600eb0e8b
Merge branch 'master' into fix_sql_injection
2016-12-08 13:39:04 -05:00
Isaac Connor
e7d0861530
check limit for a valid integer and complain if not.
2016-12-08 13:37:23 -05:00
Isaac Connor
587fd16aa6
Add testing for limit, sortField and all the filters to ensure that they are valid.
2016-12-08 13:31:44 -05:00
Isaac Connor
857b4e8345
Merge branch 'master' into improve_filter
2016-12-06 11:58:41 -05:00
Bernardus Jansen
986567839e
Additional minor changes
2016-12-02 10:08:49 +01:00
Bernardus Jansen
e27639f599
Updated dutch translation
2016-12-02 09:49:50 +01:00
Isaac Connor
9312eed17f
Merge branch 'master' into disk_space_in_events
2016-11-22 10:58:24 -05:00
Isaac Connor
02cd3e8cba
Merge branch 'master' into small_fixes
2016-11-22 10:52:07 -05:00
Isaac Connor
bb6b0c2d49
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder into improve_filter
2016-11-17 12:16:49 -05:00
Kyle Johnson
4eb5ff7aff
Fix Undefined index: loginFailed. Resolves #1684
2016-11-16 19:42:04 -07:00
Isaac Connor
8f71971209
Show error message upon unsuccessful login. Fixes #1648 ( #1680 )
...
* Add additional post-cmake files to .gitignore
* Add bootstrap 3.3.7
* Load bootstrap css
* Restyle login page, move recaptcha js to <head>
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserteed inside the <body>.
* Update doctype to HTML5, add meta tags for mobile browsers
* Move inline Login css to css file
* Remove extra php tag in functions.php
* Show error message upon unsuccessful login. Fixes #1648
* Includes bootstrap glyphicons as they're used in the error message.
* Failure check is done via a simple test in login.js.php and login.js.
The 'view' param will only be set (to 'postlogin') if the login page
has refreshed due to a failed login. Otherwise you're directed to
the console view.
* Only load bootstrap css in specific views.
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
* Test for invalid login via session variable.
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
* Fix a few typos in login inputs
* Add new fonts directory to web CMakeLists
2016-11-14 21:24:43 -05:00
Kyle Johnson
b0d22aa2a5
Add new fonts directory to web CMakeLists
2016-11-14 19:23:05 -07:00
Andrew Bauer
49d8e35e56
Show available PATH_MAP percent on console ( #1675 )
...
* Add PATH_SWAP percent to console
* add changes to console.php
* use ZM_PATH_MAP instead of ZM_PATH_SWAP
* show the folder name PATH_MAP points to
* use a dash as the delimiter instead of fwd slash
2016-11-11 08:47:08 -05:00
Kyle Johnson
65fe07e7aa
Fix a few typos in login inputs
2016-11-10 23:36:28 -07:00
Kyle Johnson
95d00f70a3
Test for invalid login via session variable.
...
The previous method had cases where the error messsage was displayed
when it shouldn't have been, such as when specifying ?view=login
2016-11-10 23:29:12 -07:00
Kyle Johnson
3916b02a74
Only load bootstrap css in specific views.
...
Bootstrap was causing some styling conflicts with the legacy css.
As such only load bootstrap.css on pages which we have specifically
allowed, which would be pages that have been restyled and verified.
2016-11-10 23:07:52 -07:00
Kyle Johnson
0800a69a57
Show error message upon unsuccessful login. Fixes #1648
...
* Includes bootstrap glyphicons as they're used in the error message.
* Failure check is done via a simple test in login.js.php and login.js.
The 'view' param will only be set (to 'postlogin') if the login page
has refreshed due to a failed login. Otherwise you're directed to
the console view.
2016-11-10 22:51:32 -07:00
Kyle Johnson
97fb53e95c
Remove extra php tag in functions.php
2016-11-10 21:49:57 -07:00
Kyle Johnson
227b196a2e
Move inline Login css to css file
2016-11-10 21:48:42 -07:00
Kyle Johnson
3e3956f45d
Update doctype to HTML5, add meta tags for mobile browsers
2016-11-10 21:47:53 -07:00
Kyle Johnson
eacf6cd415
Restyle login page, move recaptcha js to <head>
...
The way it was handled previously resulted in
invalid html, with an extra <head> tag being
inserteed inside the <body>.
2016-11-10 21:46:55 -07:00
Kyle Johnson
1607ae1210
Load bootstrap css
2016-11-10 21:45:46 -07:00
Kyle Johnson
2c93f61622
Add bootstrap 3.3.7
2016-11-10 21:45:18 -07:00
Andrew Bauer
9f43825b92
prevent the end user from slecting an invalid configuration on the PT… ( #1676 )
...
* prevent the end user from slecting an invalid configuration on the PTZ control configuraion "Move" tab
* change to console.php should not be in this pr
2016-11-08 22:10:51 -05:00
Kyle Johnson
8c41781a9f
Fix event.stop error in watch.js See #1672 ( #1678 )
2016-11-08 18:53:06 -05:00
Kyle Johnson
735d2df3c9
event is redefined before being passed to deleteEvent. Fixes #1671
2016-11-04 23:23:40 -06:00
Isaac Connor
1e233c0ce5
Merge branch 'master' into improve_filter
2016-11-04 15:20:43 -04:00
Kyle Johnson
bd47439056
Merge pull request #1639 from connortechnology/cookie_scale
...
store the scale value for watch and event views in a cookie, differen…
2016-11-03 12:35:15 -06:00
Isaac Connor
099cca210b
fix monitorId to MonitorId
2016-11-03 14:34:17 -04:00
Steve Gilvarry
d504043a9e
Update ru_ru.php
...
Remote extra line
2016-11-01 00:32:46 +11:00
Isaac Connor
a7c1231b46
fix WatchScale -> EventScale
2016-10-26 14:53:24 -04:00
Steve Gilvarry
0409ae5582
Merge pull request #1652 from connortechnology/fix_popup
...
handle when window.open fails
2016-10-20 05:17:44 +11:00
Steve Gilvarry
11cc73f55d
Merge pull request #1651 from connortechnology/fix_disable_monitor
...
Fix logic when disabling a monitor
2016-10-20 05:16:22 +11:00
Steve Gilvarry
c78a543e8e
Merge pull request #1475 from connortechnology/htmlselect
...
introduce htmlselect as an alternative to buildselect
2016-10-20 05:05:59 +11:00
Pliable Pixels
192d0dbb45
added TimeZone get API
2016-10-18 14:07:31 -04:00
Isaac Connor
aaf8f6c98b
add the missing case for ServerId in Filter processing.
2016-10-18 10:14:19 -04:00
Isaac Connor
b385ba7bf4
Merge branch 'master' into improve_filter
2016-10-18 09:59:45 -04:00
Isaac Connor
7c8b99af23
fix bracket problems
2016-10-11 12:43:13 -04:00
Isaac Connor
c02b840274
Fix logic when disabling a monitor
2016-10-11 12:10:47 -04:00
Isaac Connor
ded1e0ea73
handle when window.open fails
2016-10-11 11:48:29 -04:00
Jeff Vogt
3801d9e43e
Disabled autocorrect, autocapitalize, spellcheck on username field for login form
2016-10-10 11:27:36 -07:00
Andrew Bauer
7b574e0d41
Merge pull request #1645 from connortechnology/fix_onvif
...
Fix onvif
2016-10-04 16:34:58 -05:00
Isaac Connor
ac24865647
add NoDetectProfiles instead of reusing NoDetectedCameras
2016-10-04 14:33:51 -04:00
Isaac Connor
6814bcc791
add NoDetectProfiles instead of reusing NoDetectedCameras
2016-10-04 14:33:38 -04:00
Isaac Connor
09c5e3012a
username and password don't actually have to be specified
2016-10-04 14:09:32 -04:00
Isaac Connor
21a94a6200
better error message
2016-10-04 10:29:37 -04:00
Isaac Connor
6c3a3d3d50
store the scale value for watch and event views in a cookie, differentiated by monitorId.
2016-09-27 09:46:04 -04:00
Pliable Pixels
92d7cad5f1
enabled utf8
2016-09-21 11:53:34 -04:00
Isaac Connor
5f46b8f942
Merge pull request #1621 from connortechnology/fix_1620
...
ptzControl expects a monitor object instead of a dbrow array.
2016-09-15 10:18:26 -04:00
Isaac Connor
db8cada380
fix merge
2016-09-13 15:01:02 -04:00
Isaac Connor
54db9f2e3a
ptzControl expects a monitor object instead of a dbrow array.
2016-09-12 21:36:03 -04:00
Steve Gilvarry
563f4a9d46
Merge pull request #1505 from ZoneMinder/fix_filter_actions
...
Confirmed check box status is now retained after save and changing filters.
2016-09-11 14:13:51 +10:00
Andrew Bauer
e35ef3ce83
Merge pull request #1617 from coracis/master
...
Update German translation
2016-09-09 08:55:19 -05:00