Isaac Connor
|
0efca38d68
|
Merge pull request #1854 from knnniggett/caketmp
make cake tmp = zoneminder tmp
|
2017-04-15 10:23:03 -04:00 |
Isaac Connor
|
ab4b5e6b69
|
Merge pull request #1853 from knnniggett/cakecache
change cake cache engine from File -> Apc
|
2017-04-14 21:10:23 -04:00 |
Andrew Bauer
|
0b729cf295
|
modify cmakelists.txt
|
2017-04-14 15:15:29 -05:00 |
Andrew Bauer
|
d2490cf7e3
|
make cake tmp = zoneminder tmp
|
2017-04-14 15:11:41 -05:00 |
Andrew Bauer
|
48a73f7e78
|
change cache engine from File -> Apc
|
2017-04-14 14:31:42 -05:00 |
Andrew Bauer
|
3cbd32cd41
|
move cake log to zoneminder log folder
|
2017-04-14 14:24:29 -05:00 |
Andrew Bauer
|
a10d52a3e1
|
Merge pull request #1844 from connortechnology/fix_1812
fix Monitors filtering SQL
|
2017-04-03 20:06:39 -05:00 |
Isaac Connor
|
d3f6ab3d29
|
fix Monitors filtering SQL
|
2017-03-30 13:06:54 -04:00 |
Isaac Connor
|
7e3b27a130
|
Test for Controllable as well as ControlId
|
2017-03-30 10:49:02 -04:00 |
Isaac Connor
|
538658403c
|
Merge pull request #1822 from knnniggett/csrf
Implement CSRF Mitigation
|
2017-03-30 10:39:55 -04:00 |
Isaac Connor
|
589b369109
|
fix inserting x10 record with missing ,
|
2017-03-28 20:03:46 -04:00 |
Andy Bauer
|
eb55a6bb9b
|
set action,view, and/or request to NULL if there are not defined
|
2017-03-28 17:52:31 -05:00 |
Andy Bauer
|
4e16ae6d19
|
add ZM_ENABLE_CSRF_MAGIC toggle
|
2017-03-28 17:29:36 -05:00 |
Isaac Connor
|
eaca58bb7c
|
Merge pull request #1815 from mnoorenberghe/postlogin
Properly escape postLoginQuery. Fixes #1797
|
2017-03-21 10:27:13 -04:00 |
Matthew Noorenberghe
|
ea558c79a0
|
Fix check that API user is enabled
|
2017-03-20 17:16:24 -07:00 |
Isaac Connor
|
badbf1c74c
|
Merge pull request #1816 from mnoorenberghe/flat_window_sizes
Increase default window sizes for the flat theme. Fixes #1059
|
2017-03-20 13:10:13 -04:00 |
Andrew Bauer
|
2dcd95bc7f
|
Merge pull request #1504 from ZoneMinder/improve_filter
Improve filter
|
2017-03-18 21:12:58 -05:00 |
Andrew Bauer
|
d38bae72ae
|
integrate csrf-magic library
|
2017-03-18 20:12:06 -05:00 |
Matthew Noorenberghe
|
91ad6afffb
|
Increase default window sizes for the flat theme. Fixes #1059
Used the computed height of <html> and rounded up the nearest multiple of 5.
|
2017-03-17 22:24:42 -07:00 |
Matthew Noorenberghe
|
ea5342abd2
|
Properly escape postLoginQuery. Fixes #1797
|
2017-03-17 21:05:28 -07:00 |
Andrew Bauer
|
9681a444b4
|
Merge pull request #1765 from SteveGilvarry/ffmpeg_url
Align Method description to what it is actually doing
|
2017-03-16 09:32:30 -05:00 |
Andrew Bauer
|
7e0ac4b239
|
Merge pull request #1780 from connortechnology/fix_1775
use escapeshellarg on inputs to daemonControl and other functions
|
2017-03-16 09:27:04 -05:00 |
Andy Bauer
|
8759e2bdb4
|
prevent divide by zero, make error messages more descriptive
|
2017-02-21 13:10:41 -06:00 |
Andy Bauer
|
27ca8d8674
|
use === operator in getDiskPercent function
|
2017-02-21 12:33:05 -06:00 |
Isaac Connor
|
971c70f540
|
Merge pull request #1793 from mnoorenberghe/api_debug_default
Reduce the default API debug level
|
2017-02-20 21:44:48 -05:00 |
Matthew Noorenberghe
|
df4739826b
|
Reduce the default API debug level
|
2017-02-18 23:06:53 -08:00 |
Manojav Sridhar
|
f50c0e2096
|
fix missing isset check, caused number of Undefined Property warnings
|
2017-02-18 11:15:43 -05:00 |
Manojav Sridhar
|
11b90e6011
|
fix usage of wrong key
|
2017-02-17 12:37:58 -05:00 |
Isaac Connor
|
2bf4b5ad1a
|
use escapeshellarg on inputs to daemonControl and other functions where exec is called
|
2017-02-15 09:45:25 -05:00 |
SteveGilvarry
|
b791504598
|
Wording of help text fixes
|
2017-02-06 08:01:04 +11:00 |
SteveGilvarry
|
9716c4ef89
|
Add Option help
|
2017-02-05 18:43:47 +11:00 |
SteveGilvarry
|
c72704bf0b
|
Change descriptions for ffmpeg methods and put TCP first.
|
2017-02-05 15:34:06 +11:00 |
Kyle Johnson
|
5804cd2462
|
Merge pull request #2 from connortechnology/fix_sql_injection
Sanitize input parameters
|
2017-02-04 15:05:54 -07:00 |
Andrew Bauer
|
c5906a5d4f
|
Merge pull request #6 from connortechnology/log_xss_fixes2
Log xss fixes2
|
2017-02-04 16:05:43 -06:00 |
Kyle Johnson
|
6b3a53ec0f
|
Tell PDO to use real prepared statements.
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.
See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
|
2017-02-04 14:59:33 -07:00 |
Isaac Connor
|
9135da92ed
|
fix typo fileFields => filterFields
|
2017-01-31 21:33:43 -05:00 |
Isaac Connor
|
3437f23e8a
|
Merge branch 'master' into fix_sql_injection
|
2017-01-28 14:33:49 -05:00 |
Isaac Connor
|
41dab0750e
|
turn whatever gets output into html escaped html so that nothing gets revealed
|
2017-01-27 21:30:22 -05:00 |
Isaac Connor
|
a8d1450adf
|
Merge branch 'master' into fix_sql_injection
|
2017-01-27 17:18:34 -05:00 |
Kyle Johnson
|
746a096483
|
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
|
2017-01-27 15:16:33 -07:00 |
Isaac Connor
|
c1e05753d6
|
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro
|
2017-01-27 17:12:46 -05:00 |
Andrew Bauer
|
dbd73690b2
|
use !== false rather than === true
|
2017-01-25 09:26:07 -06:00 |
Andrew Bauer
|
6189d2670c
|
ZM_DIR_EVENTS can be, and often is, a symlink
|
2017-01-25 09:05:34 -06:00 |
Andrew Bauer
|
8b19fca992
|
sanitize the image path before processing
|
2017-01-25 08:30:19 -06:00 |
Kyle Johnson
|
0e7794f2a7
|
Merge pull request #1 from connortechnology/cookie_http_only
set http_only flag in cookie settings
|
2017-01-12 09:25:36 -07:00 |
Andy Bauer
|
7ef7a36f39
|
fix conditional logic in controlcap.js
|
2017-01-10 17:53:05 -06:00 |
Isaac Connor
|
55403219d8
|
fix regexp for direction in control command. Also log if the regexp doesn't match
|
2017-01-10 12:35:38 -05:00 |
Isaac Connor
|
fea5fa1b59
|
fix xtell should be -1 for move left
|
2017-01-10 12:35:02 -05:00 |
Isaac Connor
|
b4bddee337
|
Merge branch 'master' into improve_filter
|
2017-01-03 08:49:56 -05:00 |
Isaac Connor
|
0a90dbac9f
|
require Event.php and clean up use of object vs db row array. Use newer way of using views/image.php by passing eid and frameid instead of a path.
|
2017-01-02 10:35:51 -05:00 |