Joergen Edelbo
|
fb5668c9ef
|
Fix spelling of remSocketFile
|
2017-04-29 09:02:35 +02:00 |
Andrew Bauer
|
1a565a47f2
|
fix skin path in export_functions
|
2017-04-26 12:17:01 -05:00 |
Joshua Ruehlig
|
05a141bf78
|
Update database.php
|
2017-04-24 23:40:52 -07:00 |
Joshua Ruehlig
|
ca1e8a13fe
|
Update database.php.default
|
2017-04-24 23:40:21 -07:00 |
Isaac Connor
|
f2920c37e0
|
escapeshellarg adds quotes, which is bad. Use escapeshellcmd on the whole string instead.
|
2017-04-18 12:31:20 -04:00 |
Andrew Bauer
|
008624451f
|
Merge pull request #1856 from connortechnology/remove_BOM
use dos2unix to remove BOM
|
2017-04-17 08:32:17 -05:00 |
Isaac Connor
|
5e0012569f
|
use dos2unix to remove BOM
|
2017-04-16 09:22:37 -04:00 |
Isaac Connor
|
0efca38d68
|
Merge pull request #1854 from knnniggett/caketmp
make cake tmp = zoneminder tmp
|
2017-04-15 10:23:03 -04:00 |
Isaac Connor
|
ab4b5e6b69
|
Merge pull request #1853 from knnniggett/cakecache
change cake cache engine from File -> Apc
|
2017-04-14 21:10:23 -04:00 |
Andrew Bauer
|
0b729cf295
|
modify cmakelists.txt
|
2017-04-14 15:15:29 -05:00 |
Andrew Bauer
|
d2490cf7e3
|
make cake tmp = zoneminder tmp
|
2017-04-14 15:11:41 -05:00 |
Andrew Bauer
|
48a73f7e78
|
change cache engine from File -> Apc
|
2017-04-14 14:31:42 -05:00 |
Andrew Bauer
|
3cbd32cd41
|
move cake log to zoneminder log folder
|
2017-04-14 14:24:29 -05:00 |
Andrew Bauer
|
a10d52a3e1
|
Merge pull request #1844 from connortechnology/fix_1812
fix Monitors filtering SQL
|
2017-04-03 20:06:39 -05:00 |
Isaac Connor
|
d3f6ab3d29
|
fix Monitors filtering SQL
|
2017-03-30 13:06:54 -04:00 |
Isaac Connor
|
7e3b27a130
|
Test for Controllable as well as ControlId
|
2017-03-30 10:49:02 -04:00 |
Isaac Connor
|
538658403c
|
Merge pull request #1822 from knnniggett/csrf
Implement CSRF Mitigation
|
2017-03-30 10:39:55 -04:00 |
Isaac Connor
|
589b369109
|
fix inserting x10 record with missing ,
|
2017-03-28 20:03:46 -04:00 |
Andy Bauer
|
eb55a6bb9b
|
set action,view, and/or request to NULL if there are not defined
|
2017-03-28 17:52:31 -05:00 |
Andy Bauer
|
4e16ae6d19
|
add ZM_ENABLE_CSRF_MAGIC toggle
|
2017-03-28 17:29:36 -05:00 |
Isaac Connor
|
eaca58bb7c
|
Merge pull request #1815 from mnoorenberghe/postlogin
Properly escape postLoginQuery. Fixes #1797
|
2017-03-21 10:27:13 -04:00 |
Matthew Noorenberghe
|
ea558c79a0
|
Fix check that API user is enabled
|
2017-03-20 17:16:24 -07:00 |
Isaac Connor
|
badbf1c74c
|
Merge pull request #1816 from mnoorenberghe/flat_window_sizes
Increase default window sizes for the flat theme. Fixes #1059
|
2017-03-20 13:10:13 -04:00 |
Andrew Bauer
|
2dcd95bc7f
|
Merge pull request #1504 from ZoneMinder/improve_filter
Improve filter
|
2017-03-18 21:12:58 -05:00 |
Andrew Bauer
|
d38bae72ae
|
integrate csrf-magic library
|
2017-03-18 20:12:06 -05:00 |
Matthew Noorenberghe
|
91ad6afffb
|
Increase default window sizes for the flat theme. Fixes #1059
Used the computed height of <html> and rounded up the nearest multiple of 5.
|
2017-03-17 22:24:42 -07:00 |
Matthew Noorenberghe
|
ea5342abd2
|
Properly escape postLoginQuery. Fixes #1797
|
2017-03-17 21:05:28 -07:00 |
Andrew Bauer
|
9681a444b4
|
Merge pull request #1765 from SteveGilvarry/ffmpeg_url
Align Method description to what it is actually doing
|
2017-03-16 09:32:30 -05:00 |
Andrew Bauer
|
7e0ac4b239
|
Merge pull request #1780 from connortechnology/fix_1775
use escapeshellarg on inputs to daemonControl and other functions
|
2017-03-16 09:27:04 -05:00 |
Andy Bauer
|
8759e2bdb4
|
prevent divide by zero, make error messages more descriptive
|
2017-02-21 13:10:41 -06:00 |
Andy Bauer
|
27ca8d8674
|
use === operator in getDiskPercent function
|
2017-02-21 12:33:05 -06:00 |
Isaac Connor
|
971c70f540
|
Merge pull request #1793 from mnoorenberghe/api_debug_default
Reduce the default API debug level
|
2017-02-20 21:44:48 -05:00 |
Matthew Noorenberghe
|
df4739826b
|
Reduce the default API debug level
|
2017-02-18 23:06:53 -08:00 |
Manojav Sridhar
|
f50c0e2096
|
fix missing isset check, caused number of Undefined Property warnings
|
2017-02-18 11:15:43 -05:00 |
Manojav Sridhar
|
11b90e6011
|
fix usage of wrong key
|
2017-02-17 12:37:58 -05:00 |
Isaac Connor
|
2bf4b5ad1a
|
use escapeshellarg on inputs to daemonControl and other functions where exec is called
|
2017-02-15 09:45:25 -05:00 |
SteveGilvarry
|
b791504598
|
Wording of help text fixes
|
2017-02-06 08:01:04 +11:00 |
SteveGilvarry
|
9716c4ef89
|
Add Option help
|
2017-02-05 18:43:47 +11:00 |
SteveGilvarry
|
c72704bf0b
|
Change descriptions for ffmpeg methods and put TCP first.
|
2017-02-05 15:34:06 +11:00 |
Kyle Johnson
|
5804cd2462
|
Merge pull request #2 from connortechnology/fix_sql_injection
Sanitize input parameters
|
2017-02-04 15:05:54 -07:00 |
Andrew Bauer
|
c5906a5d4f
|
Merge pull request #6 from connortechnology/log_xss_fixes2
Log xss fixes2
|
2017-02-04 16:05:43 -06:00 |
Kyle Johnson
|
6b3a53ec0f
|
Tell PDO to use real prepared statements.
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.
See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
|
2017-02-04 14:59:33 -07:00 |
Isaac Connor
|
9135da92ed
|
fix typo fileFields => filterFields
|
2017-01-31 21:33:43 -05:00 |
Isaac Connor
|
3437f23e8a
|
Merge branch 'master' into fix_sql_injection
|
2017-01-28 14:33:49 -05:00 |
Isaac Connor
|
41dab0750e
|
turn whatever gets output into html escaped html so that nothing gets revealed
|
2017-01-27 21:30:22 -05:00 |
Isaac Connor
|
a8d1450adf
|
Merge branch 'master' into fix_sql_injection
|
2017-01-27 17:18:34 -05:00 |
Kyle Johnson
|
746a096483
|
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
|
2017-01-27 15:16:33 -07:00 |
Isaac Connor
|
c1e05753d6
|
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro
|
2017-01-27 17:12:46 -05:00 |
Andrew Bauer
|
dbd73690b2
|
use !== false rather than === true
|
2017-01-25 09:26:07 -06:00 |
Andrew Bauer
|
6189d2670c
|
ZM_DIR_EVENTS can be, and often is, a symlink
|
2017-01-25 09:05:34 -06:00 |