Commit Graph

414 Commits

Author SHA1 Message Date
Isaac Connor 1253fb1723 update whitespacing/braces. Add a warning when dbFetchOne is used with a column that isn't in the returned row 2017-04-28 14:17:36 -04:00
Isaac Connor 088fa0192b Merge branch 'master' into storageareas 2017-04-25 10:00:14 -04:00
Joshua Ruehlig 05a141bf78 Update database.php 2017-04-24 23:40:52 -07:00
Isaac Connor ef6c675c6a work in progress, rough in adding the svg zones to montage 2017-04-24 11:11:44 -04:00
Isaac Connor 3db38eb474 limit points to the limits of the monitor 2017-04-19 16:12:12 -04:00
Isaac Connor fbbe748bc8 Restore old behaviour for events that don't have a video 2017-04-19 14:15:32 -04:00
Isaac Connor b71d021ae1 Merge branch 'fix_1849' into storageareas 2017-04-18 12:43:04 -04:00
Isaac Connor f2920c37e0 escapeshellarg adds quotes, which is bad. Use escapeshellcmd on the whole string instead. 2017-04-18 12:31:20 -04:00
Isaac Connor a5e7db0f7c use faster ffmpeg method to generate frame image 2017-04-13 12:35:14 -04:00
Isaac Connor 7815f1c539 introduce a redirect flag global variable to allow us to redirect. Which allows to redirect on successful login so we don't get repost popups 2017-04-05 10:05:21 -04:00
Isaac Connor d1a60dedc8 Fix the overzealous use of escapeshellcmd that breaks restarting monitors 2017-03-31 11:59:55 -04:00
Isaac Connor 538658403c Merge pull request #1822 from knnniggett/csrf
Implement CSRF Mitigation
2017-03-30 10:39:55 -04:00
Isaac Connor fe223e3b29 remove a warning when adding users when not logged in (could happen if OPT_AUTH isn't turned on yet 2017-03-29 10:38:29 -04:00
Isaac Connor 3cd9e46df9 Merge branch 'knnniggett-csrf' into storageareas 2017-03-28 20:44:38 -04:00
Isaac Connor d006ebfc3c Merge branch 'csrf' of https://github.com/knnniggett/ZoneMinder into knnniggett-csrf 2017-03-28 20:10:59 -04:00
Isaac Connor 769af661e9 Merge branch 'fix_x10' into storageareas 2017-03-28 20:05:52 -04:00
Isaac Connor 589b369109 fix inserting x10 record with missing , 2017-03-28 20:03:46 -04:00
Andy Bauer 4e16ae6d19 add ZM_ENABLE_CSRF_MAGIC toggle 2017-03-28 17:29:36 -05:00
Isaac Connor 8ef7a708bd updates in filters, try to get the new filter loaded when saving with a new name 2017-03-27 13:12:37 -04:00
Isaac Connor 670c1a3c7c pass NULL for ['width'] 2017-03-21 09:47:07 -04:00
Andrew Bauer 2dcd95bc7f Merge pull request #1504 from ZoneMinder/improve_filter
Improve filter
2017-03-18 21:12:58 -05:00
Andrew Bauer d38bae72ae integrate csrf-magic library 2017-03-18 20:12:06 -05:00
Isaac Connor d9c665b021 Merge branch 'fix_crash_with_invalid_zones' into storageareas 2017-03-17 09:35:11 -04:00
Andrew Bauer 7e0ac4b239 Merge pull request #1780 from connortechnology/fix_1775
use escapeshellarg on inputs to daemonControl and other functions
2017-03-16 09:27:04 -05:00
Isaac Connor 4df12ae370 Merge branch 'montage_width_height' of github.com:ConnorTechnology/ZoneMinder into montage_width_height 2017-03-06 17:30:00 -05:00
Isaac Connor fdcb93eacc Merge branch 'master' into storageareas 2017-03-06 16:22:28 -05:00
Isaac Connor 4fc0aead70 wip 2017-03-01 15:26:40 -05:00
Isaac Connor c4caa9a631 convert arguments from an array of strong to a hash and use http_build_query 2017-02-27 21:48:08 -05:00
Isaac Connor c3a52272d8 implement changeWidth, changeHeight and alter getStreamHTML to take an array of options 2017-02-27 20:56:14 -05:00
Andy Bauer 8759e2bdb4 prevent divide by zero, make error messages more descriptive 2017-02-21 13:10:41 -06:00
Andy Bauer 27ca8d8674 use === operator in getDiskPercent function 2017-02-21 12:33:05 -06:00
Isaac Connor 186e5ba866 Merge branch 'master' into storageareas 2017-02-21 09:48:00 -05:00
Manojav Sridhar f50c0e2096 fix missing isset check, caused number of Undefined Property warnings 2017-02-18 11:15:43 -05:00
Isaac Connor 2bf4b5ad1a use escapeshellarg on inputs to daemonControl and other functions where exec is called 2017-02-15 09:45:25 -05:00
Isaac Connor d135216ac7 Merge branch 'master' into storageareas 2017-02-15 09:30:35 -05:00
Kyle Johnson 5804cd2462 Merge pull request #2 from connortechnology/fix_sql_injection
Sanitize input parameters
2017-02-04 15:05:54 -07:00
Andrew Bauer c5906a5d4f Merge pull request #6 from connortechnology/log_xss_fixes2
Log xss fixes2
2017-02-04 16:05:43 -06:00
Kyle Johnson 6b3a53ec0f Tell PDO to use real prepared statements.
This makes sure the statement and the values aren't
parsed by PHP before sending it to the MySQL server.

See https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php
and https://secure.php.net/manual/en/pdo.setattribute.php
2017-02-04 14:59:33 -07:00
Isaac Connor 9fd9c5de20 test for empty and non-existent path 2017-01-30 17:24:41 -05:00
Isaac Connor fda115bebe tell zmc and zma to stop before updating db 2017-01-30 16:37:53 -05:00
Isaac Connor 41dab0750e turn whatever gets output into html escaped html so that nothing gets revealed 2017-01-27 21:30:22 -05:00
Isaac Connor a8d1450adf Merge branch 'master' into fix_sql_injection 2017-01-27 17:18:34 -05:00
Kyle Johnson 746a096483 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2017-01-27 15:16:33 -07:00
Isaac Connor c1e05753d6 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder-Pro 2017-01-27 17:12:46 -05:00
Isaac Connor 8ce7719a33 remove extra db call cuz i sredundant 2017-01-18 21:12:54 -05:00
Isaac Connor 899b1b82b9 Merge branch 'filter_by_runstate' into storageareas 2017-01-14 17:07:20 -05:00
Isaac Connor 242e5a56d8 rough in the ability to filter on RunState 2017-01-14 16:55:28 -05:00
Isaac Connor 3074263e06 Merge branch 'control_fixes' into storageareas 2017-01-10 12:54:46 -05:00
Isaac Connor 55403219d8 fix regexp for direction in control command. Also log if the regexp doesn't match 2017-01-10 12:35:38 -05:00
Isaac Connor d8b8d78576 Fix storagearea lookup. Default to ZM_EVENTS_DIR 2017-01-09 16:35:58 -05:00