27bcf3f994
Upgrade jQuery version ( #2430 )
...
* Upgrade jQuery to 1.12.4
* Upgrade jQuery to 2.2.4; Stop support for IE8
* 2.2.4 is compatible with 1.12.4
* This fixes a CSP violation on every page load due to jQuery testing of focusin support with a hidden element.
2019-01-21 11:13:40 -05:00
f0b33145f5
Log CSP violations in ZM logs in supported browsers ( #2431 )
2019-01-21 11:12:17 -05:00
d7ebc85d81
Replace remaining `console` inline event handlers ( #2432 )
...
* Use a hidden submit button in _monitor_filters rather than onkeydown
* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
f69b77e38f
fix eslint complaints
2019-01-19 12:40:17 -05:00
a1a42345e3
More eslint fixes; eslint in php; add eslint to travis ( #2419 )
...
* Add eslint to travis.yml
* Update eslint package versions and apply new indent rules
* Enable the brace-style and block-style eslint rules
* Enable the 'curly' eslint rule
* Enable the 'keyword-spacing' eslint rule
* Enable the 'key-spacing' eslint rule
* Enable the 'object-curly-spacing' eslint rule
* Enable the 'no-new-object' eslint rule
* Only disable the no-caller eslint rule in the one affected file
* Enable the 'no-unused-vars' eslint rule for local variables
* Add linting of JS in .php files
2019-01-19 10:32:40 -05:00
35fb4366b6
Fix recaptcha support with the CSP ( #2420 )
2019-01-19 09:47:04 -05:00
c0a6e54d60
skins/classic/views/control.php second order sqli ( #2422 )
2019-01-19 09:46:21 -05:00
02fd1e79b3
Fix ajax/status.php orderby sql injection ( #2421 )
...
https://github.com/LoRexxar/CVE_Request/tree/master/zoneminder%20vul%20before%20v1.32.3#ajaxstatusphp-line-276-orderby-sql-injection
2019-01-19 09:46:08 -05:00
34e2e47993
controlcap.php: Reflected xss fix with validHtmlStr ( #2423 )
2019-01-19 09:43:28 -05:00
d3f8037e58
Replace onclick='submitTab(...' with a click listener ( #2424 )
2019-01-19 09:42:12 -05:00
4e48939660
Add a validateForm event listener and enforce CSP on some views ( #2425 )
...
* Add a validateForm event listener and enforce CSP on the controlcap view
* filter.php: Use .validateFormOnSubmit
* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check
* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
43a1725060
Fix duplicate 'class' attribute in options ( #2418 )
2019-01-18 10:05:44 -05:00
eef113b6a7
Convert some characters to HTML entities ( #2417 )
2019-01-18 10:02:48 -05:00
deaf651aad
Fix eslint violations ( #2416 )
...
* Add more JS libraries to eslintignore
* eslint . --fix
Automatic fixes only
* frame.js: eslint fixes
* events.js: manual eslint fixes
* skin.js: manual eslint fixes
* watch.js: manual eslint fixes
* Remove some tabs used for indentation in JS
* state.js: Fix new-cap eslint violation
* Disable guard-for-in eslint rule to get everything passing
2019-01-18 10:00:55 -05:00
6bb5aa1b87
More inline JS / nonce conversions ( #2415 )
...
* monitor.php: Add nonce and move <script> inside </body>
* export_functions.php: Untested: Add @nonce to <script>
* blank.php: Add @nonce to <script> and add to CSP enforced views
* Enforce CSP on login and privacy views
* group.php: Add nonce and move <script> inside </body>
* filter.php: Add @nonce to <script>
* Fix updateButtons argument on the filter page upon change and page load
* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
599769b701
rework logic of functions to be more verbose about errors. Implement javascript Nonce support when view=none
2019-01-17 08:50:33 -05:00
1f3da476b8
switch to single quotes
2019-01-16 14:04:24 -05:00
b1cc0c2b82
add CSP nonce to CSRF rewriting
2019-01-16 14:04:07 -05:00
a7db6f08f5
single vs double quotes
2019-01-16 13:47:50 -05:00
42076ad09b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-16 13:46:01 -05:00
a2c23d3263
Need nonce in inline script setting display css
2019-01-16 13:45:26 -05:00
d8ef33396a
If multi-port is on, we need to output CORS headers
2019-01-16 13:44:57 -05:00
e156a6cda0
logout view should go to logout view
2019-01-16 12:23:18 -05:00
ba21820fd0
fix typo
2019-01-16 12:10:34 -05:00
eee1d871e0
get rid of default value for PathToIndex so that it will use PHP_SELF instead
2019-01-16 12:09:26 -05:00
d33fec9c3f
Add a CSP script-src policy with nonce-source and convert more inline event handlers ( #2413 )
...
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy
* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'
Only handle ones that don't return a value.
* Use @data-on-click to attach inline click event handlers with no args and no return value
* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument
* Enforce a script-src CSP on views without inline JS
* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
fd696bc066
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-15 11:38:56 -05:00
ac27005944
remove debug
2019-01-15 11:38:43 -05:00
07c7c271a6
prevent error when event has no frames. Fix PathToIndex() -> PathToIndex. Fixes #2411
2019-01-15 11:38:19 -05:00
3182d8bab7
implement to_json method so that defaults get included
2019-01-15 11:36:56 -05:00
07d8ac1d49
implement timezone check function ( #2387 )
...
* implement timezone check function
* remove comment
* also check if the timezone is valid
* whitespace
2019-01-15 09:05:11 -05:00
083f284599
Replace onclick inline event handlers for createPopup ( #2410 )
...
* Move <script> before </body>
* Change makePopupLink to not use onclick
* Change makePopupButton to not use onclick
* Use .popup-link in control_functions.php
* Use makePopupButton in controlcaps.php
* Prevent double-encoding in makePopup*
* Use makePopupButton in devices.php
* Use makePopupButton in logout.php
* Use makePopupLink in monitor.php
* Use makePopupLink and .popup-link in montage.php
* Use makePopupButton in options.php
* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
c834fbe462
the filter action should singular filter, not filters
2019-01-13 14:52:39 -05:00
a282b487d1
load Help from Config as it is not longer always loaded into ram.
2019-01-11 13:55:03 -05:00
b373577589
fix function view after actions cleanup
2019-01-10 12:08:25 -05:00
1d54216e80
spacing
2019-01-09 16:23:58 -05:00
c1e4fbac6a
extend input path and options to the full width of the popup
2019-01-09 12:37:42 -05:00
2d03583b78
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-08 13:12:42 -05:00
ffa37d8c10
Fix margins on replayControl
2019-01-08 13:12:35 -05:00
3f5a2a2aa6
disable delete button when event is archived.
2019-01-07 15:56:23 -05:00
b4f8500cb5
Merge branch 'split_actions'
2019-01-05 18:33:04 -05:00
3f10553464
Fix include path to Monitors.php
2019-01-05 18:32:53 -05:00
e34a5e972a
fix missing }
2019-01-05 11:12:26 -05:00
e6ba8e58ef
Fix #2391 by defining monitor variable ( #2392 )
2019-01-05 10:20:34 -05:00
5b5905c83a
We always use markEids[] now
2019-01-04 16:29:16 -05:00
de0ef6ce43
Merge branch 'master' into split_actions
2019-01-04 15:55:54 -05:00
e72e4e7ce4
Spacing, remove some html4 stuff, clean up duplicated hidden form elements.
2019-01-04 15:52:36 -05:00
dea64320f0
Fix a + that should be a .
2019-01-04 15:52:14 -05:00
0e20666992
fix eventdetail actions being in events
2019-01-04 15:43:31 -05:00
e2f32ab091
Upgrade config saving
2019-01-04 09:43:36 -05:00
7ec96655c3
fix missing ! when testing for permission on editing config
2019-01-04 09:37:26 -05:00
5b9bf48945
Merge branch 'master' into split_actions
2019-01-04 09:35:54 -05:00
46adcbb66b
Merge branch 'master' of github.com:ZoneMinder/ZoneMinder
2019-01-04 09:34:51 -05:00
edeaa07c12
Fix no quotes around Id
2019-01-04 09:34:42 -05:00
6cad852e11
fix path to MontageLayout
2019-01-04 09:34:18 -05:00
dbe9817bc8
Split actions.php into individual files per view
2019-01-04 09:26:34 -05:00
225fca08e3
Merge pull request #2379 from connortechnology/improve_config_efficiency
...
Improve config efficiency
2019-01-02 19:34:34 -06:00
874930d8fc
Merge branch 'master' into improve_config_efficiency
2019-01-02 13:07:53 -05:00
99471836b7
Use monitor's serverId when loading server object so that images load from recording server.
2019-01-02 11:28:12 -05:00
8a1707a615
Add monitorServerId array to provide server info for each monitor so that we can load images from the recording server.
2019-01-02 11:27:46 -05:00
79113a6869
Add a default Server object to handle non-multi-server case
2019-01-02 10:56:40 -05:00
d14e9ecf74
force overloadframes and ExtendAlarmFrames to int ( #2373 )
2018-12-29 09:53:31 -05:00
3258d8e590
remove ZM_DIR_IMAGES ( #2374 )
2018-12-29 09:52:58 -05:00
a029909972
fix path to thumb and anal images ( #2367 )
2018-12-28 10:46:13 -05:00
fb37fc48e1
update viewImagePatch ( #2370 )
2018-12-28 10:38:39 -05:00
101f24feb5
Update area when editing x and y coords ( #2366 )
2018-12-27 14:28:14 -05:00
5f9a113da1
redirect to montage rather than montagereview
2018-12-26 10:34:01 -06:00
27dd8166ea
Merge pull request #2362 from connortechnology/small_groups_fixes
...
Small groups fixes
2018-12-24 11:30:57 -06:00
e0a9c4a21e
fix event popup detection
2018-12-24 11:23:58 -05:00
68adc289fe
Fix colspan count now that depth is zero-based
2018-12-24 09:40:23 -05:00
e0cae5709f
Group::find is now more powerful so we can just use it to return all Groups to be deleted
2018-12-24 09:39:40 -05:00
63199289ad
Change depth function to be 0-based.
2018-12-24 09:38:55 -05:00
0cce0a642b
Update chosen library to 1.8.7
2018-12-24 09:37:49 -05:00
153877b9c0
Merge pull request #2359 from connortechnology/fix_2353
...
Update permissions checking for Groups to not use session. Fixes #2353
2018-12-21 15:16:49 -06:00
1130d6650a
Fix spacing and pass popup to previous/next event so that popups stay as popups
2018-12-21 10:50:19 -05:00
47465260d1
Update permissions checking for Groups to not use session. Fixes #2353
2018-12-21 10:01:48 -05:00
a277f697e9
whitespace
2018-12-20 14:58:38 -05:00
622c17f628
make sure auth is regenerated each time we call this API ( #2347 )
2018-12-16 11:02:07 -05:00
567b60ffa7
support for forwarded proto/port in Server.php ( #2343 )
2018-12-13 10:24:32 -05:00
8d74354fcb
Merge pull request #2242 from connortechnology/cleanup_auth
...
Cleanup auth
2018-12-12 20:53:24 -06:00
eba8b3327d
Merge branch 'master' into cleanup_auth
2018-12-11 16:04:42 -05:00
21a98f3653
Merge branch 'remove_default_view' of https://github.com/connortechnology/ZoneMinder into connortechnology-remove_default_view
2018-12-11 09:44:13 -06:00
278abbc201
Merge branch 'master' into remove_default_view
2018-12-11 10:37:26 -05:00
3cf6bf1786
Merge pull request #2243 from connortechnology/add_archive_filter_to_montagereview
...
Rough in an archived status filter in montagereview.
2018-12-11 09:36:35 -06:00
fe5cb4bfdc
Merge pull request #2283 from connortechnology/warn_colour_when_disabled
...
Use a warning colour when motion detection is disabled.
2018-12-11 09:36:07 -06:00
4d7e98475f
Merge pull request #2297 from connortechnology/introduce_getBodyTopHTML
...
Introduce get body top html
2018-12-11 09:35:54 -06:00
22460f580b
Merge pull request #2305 from pliablepixels/save-first-alarm
...
Save first alarm
2018-12-11 09:35:40 -06:00
c530337c50
Merge pull request #2331 from connortechnology/fix_ios9
...
Fix ios9
2018-12-11 09:29:50 -06:00
b3bed9a28a
fix whitespace
2018-12-11 10:20:02 -05:00
e1ecd47bff
Fix missing use of UrlToApi
2018-12-11 09:40:40 -05:00
1e8c4276bb
fix #2319 some more. This is fixing rate sticking across gapless events and reload
2018-12-10 17:32:17 -05:00
a1141d2dc4
remove second use of HTTP_HOST and use a better method of stripping off port from HTTP_HOST
2018-12-07 08:39:23 -05:00
757e538550
strip port from HTTP_HOST
2018-12-06 17:12:03 -05:00
9ffd77428a
fix paths to jquery-ui-theme components, thereby upgrading them to the proper version. This fixes the datetime filters not being shown on skins that don't specify a custom theme for jquery-ui
2018-12-05 09:05:10 -05:00
18ce7c9ea0
Old browsers, specifically Safari on IOS9 doesn't support let. Need to use var instead.
2018-12-03 15:17:16 -05:00
27d4ba9e5f
use output of babeljs.io to provide code that works on older browsers. The nice class notation is ES6 upwards.. Safari on IOS9 doesn't like it
2018-12-03 15:16:47 -05:00
e327ad100e
fix WebSite camera startup issue
2018-12-01 17:03:50 -06:00
cae6ffd5a3
use HTTP_HOST instead of SERVER_NAME
2018-12-01 13:27:08 -06:00
9bb4f1804e
Merge branch 'server_path_prefix'
2018-11-30 14:46:20 -05:00
8c626c984b
Need to pass port through all Url functions
2018-11-30 14:45:58 -05:00
Matt N
Isaac Connor
Isaac Connor
Andrew Bauer
David Beitey
Pliable Pixels
Mike Rosack
Andrew Bauer