Commit Graph

5470 Commits

Author SHA1 Message Date
Isaac Connor 8f3d1f8653 fix a missing = and use csrf_get_tokens instead of csrf_get_secret which is the wrong function 2019-04-02 15:25:14 -04:00
Isaac Connor 9e96c29620 Log a failed csrf check 2019-04-02 15:24:47 -04:00
Isaac Connor 8a90176a2c Add CanReboot to Controls 2019-04-02 09:25:50 -04:00
Isaac Connor 501324d778 Merge branch 'storageareas' of github.com:connortechnology/ZoneMinder into storageareas 2019-04-01 22:09:57 -04:00
Isaac Connor d5402e9cba Correct Storaage Server name in list 2019-04-01 22:09:47 -04:00
Isaac Connor 110e5075f4 fix namespace fixes #3566 2019-04-01 17:21:01 -04:00
Isaac Connor 15fb546e15 spacing 2019-04-01 11:13:35 -04:00
Isaac Connor 7d07cdf530 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-04-01 10:12:09 -04:00
Isaac Connor fa9803d819 Can't use this->data to avoid another db hit. Must load by id 2019-04-01 10:11:56 -04:00
Andrew Bauer e97751558f eslint fix 2019-03-30 10:41:04 -05:00
Isaac Connor 90e97ff135 Merge branch 'master' into storageareas 2019-03-28 11:20:29 -04:00
Isaac Connor 49e3f0a68e eslint fixes 2019-03-28 09:43:31 -04:00
Isaac Connor ee4b452e42 Update monitor edit to not use inline js 2019-03-25 16:25:09 -04:00
Isaac Connor c7e09e03d3 add cache busting to base.js 2019-03-25 16:24:46 -04:00
Isaac Connor 052a2ef1fd fix eventserver => eventnotification 2019-03-25 12:20:21 -04:00
Isaac Connor 7565e171b4 spacing 2019-03-25 12:18:15 -04:00
Isaac Connor 4eafc52955 spacing 2019-03-25 12:18:01 -04:00
Isaac Connor 7e62ccca3c Handle div by zero when TotalMem is not known for Server 2019-03-25 12:08:56 -04:00
Isaac Connor 8d07a4a08f Log useful error messages when can't mkdir the monitor events dir or the symlink to it. symlink is a warning because the symlink is just a user aid 2019-03-25 11:58:04 -04:00
santos995 accf826ae9 New translations 2019-03-25 11:44:01 +03:00
santos995 42196ed5aa
Update translation ru 2 2019-03-25 10:20:27 +03:00
Isaac Connor 677b9cfbed Make controlcap popup wider 2019-03-24 09:59:04 -04:00
Isaac Connor bd5c9b5b20 add Control to ZM namespace 2019-03-24 09:58:50 -04:00
santos995 01056fc0f4
Перевод некоторых слов 2019-03-24 04:14:06 +03:00
Isaac Connor f311fcc9e0 change to a button 2019-03-22 17:28:23 -04:00
Isaac Connor 8f28ba0be3 beter debug and less often when no terms in parseFilter 2019-03-22 17:28:12 -04:00
Isaac Connor 6d4d353209 fix namespace on MontageLayout 2019-03-22 17:27:58 -04:00
Isaac Connor 16467595d4 Fix clicking in montage 2019-03-21 17:00:51 -04:00
Isaac Connor 65fab1b032 add px to width and height of event img 2019-03-21 14:14:45 -04:00
Isaac Connor 7f7acc18ee spacing and code doc 2019-03-21 14:14:30 -04:00
Isaac Connor f434042c52 fix spacing 2019-03-21 14:14:15 -04:00
Isaac Connor f5dfa0d740 Spacing and fix clone monitor by setting the Id to 0 instead of nextId, so that when we go to save it, we use an insert instead of an update 2019-03-20 15:03:20 -04:00
Isaac Connor 10a972f2a0 fixes to download video 2019-03-20 14:51:59 -04:00
Isaac Connor d4353af8af Fix eslint errors 2019-03-20 14:51:39 -04:00
Isaac Connor a5366d522d Fixup exporting 2019-03-20 14:29:05 -04:00
Isaac Connor ae7391689b Add some code doc 2019-03-20 14:28:19 -04:00
Isaac Connor ad059f985e spacing 2019-03-20 14:27:23 -04:00
Isaac Connor 09b42f8b55 remove nonce from js because it is the exported html not part of the zm web ui 2019-03-20 14:27:10 -04:00
Isaac Connor 6efeab5f8d improve readability of parseFilter 2019-03-20 14:26:48 -04:00
Isaac Connor b988ce0573 more parentheses to make logic more clear 2019-03-20 14:26:35 -04:00
Isaac Connor c3324ada18 Put back mkdir ZM_PATH_SOCKS 2019-03-20 14:26:03 -04:00
Isaac Connor 84a200395e spacing and turn off errors because ajax should only return json 2019-03-20 14:25:34 -04:00
Isaac Connor 52e66adc99 Fix namespace 2019-03-20 14:25:12 -04:00
Isaac Connor a634d8b774 use id instead of this->data when loading Event to delete in API 2019-03-19 17:26:20 -04:00
Isaac Connor 0623afb0ae add language entry for Monitor DefaultCodec 2019-03-19 12:19:58 -04:00
Isaac Connor 71cd024fda spacing updates. Use MP4 instead of H264/H265 in viewing codec dropdown 2019-03-19 12:16:31 -04:00
Isaac Connor 6b6e787e4e fix ajax stream code 2019-03-19 12:05:45 -04:00
Isaac Connor 418276ff1c cleanup/debug 2019-03-19 12:02:42 -04:00
Isaac Connor 3f9564c10a Merge branch 'master' into storageareas 2019-03-19 10:37:35 -04:00
Isaac Connor 428f7e8e8f create setup_onclick and disable_onclick in the monitor object. Use it to setup and disable the click event when editing/cancelling layout editing 2019-03-19 10:24:30 -04:00
Isaac Connor 72b87a7c00 Add code to be a bit more careful about not deleting all events when an incomplete event object is used. 2019-03-19 09:36:58 -04:00
Isaac Connor 2c1c9fe6cd fix missing ZM namespaces 2019-03-19 09:23:35 -04:00
Isaac Connor 1d3af44d02 Fix namespace Warning 2019-03-19 09:13:56 -04:00
Chris ad5f6a8729 Camera reboot function (#2554)
* Adding a button for camera reboot function

This series of commits will add a camera reboot function to the
control interface if supported by the camera configuration.

* Adding reboot function option to contorl configuration

This patch adds a reboot option to the camera control configuration
view.

* Adding Reboot field to Controls table

This patch adds a Reboot field to the Controls table to support
a camera reboot control option.

* Correcting button value to match reset

* Updating language files

I'm not sure of the proper procedure to trigger updating of
non-english language files so I'm updating them all with English
hoping that that will draw attention to the changes and others
will translate accordingly.

* Add missing forward slash
2019-03-18 14:49:05 -04:00
Isaac Connor 520c41da23 Merge ../ZoneMinder.connortechnology.bad into storageareas 2019-03-18 14:40:03 -04:00
Isaac Connor 06eb38f802 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-03-18 11:24:33 -04:00
Isaac Connor 9482207f5c revert namespace stuff in index.php 2019-03-18 11:24:28 -04:00
Matthew Noorenberghe 3c31dd63ce Use zm_session_start() for API auth. Fixes #2547 2019-03-11 00:27:46 -07:00
Matthew Noorenberghe abb6ef1688 API: Escape 'named' params for SQLi in two more Event endpoints.
Fixes #2099
2019-03-11 00:21:51 -07:00
Matthew Noorenberghe 056b96f7fc API: Monitor and Event 'index' SQLi. Fixes #2099 2019-03-11 00:21:51 -07:00
Matthew Noorenberghe ac547e0d5d Don't scroll to the top of the page when force/cancel alarm is clicked 2019-03-10 20:58:24 -07:00
Matthew Noorenberghe e6220e9d07 Fix eslint issues in cycle.js 2019-03-10 20:56:08 -07:00
Isaac Connor 6c8eac1ac8 Merge branch 'storageareas' into h265 2019-03-06 11:10:01 -05:00
Isaac Connor 24665264a2 Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas 2019-03-05 20:16:05 -05:00
Isaac Connor fa124eb29a Merge branch 'master' of github.com:zoneminder/ZoneMinder 2019-03-05 14:35:15 -05:00
Isaac Connor f0f2b6a17c implement click_automove and submitToMontrageReview for onclick handlers 2019-03-05 14:35:02 -05:00
Isaac Connor 5a66969fd1 change buttons from inputs to buttons. Add submit to montagereview. get rid of onclick handlers 2019-03-05 14:34:34 -05:00
Isaac Connor 7b7a58b2f1 remove old xhtml-isms 2019-03-05 14:33:03 -05:00
Isaac Connor 0022dbfb76 add a newline to improve readability 2019-03-05 14:31:39 -05:00
Isaac Connor e59eb510e3 update and fix the donate popup 2019-03-05 13:10:04 -05:00
Isaac Connor 73ae3f49ed Merge branch 'master' into storageareas 2019-03-05 11:35:55 -05:00
Isaac Connor 36b00d09e3 fix destination view on the monitors view 2019-03-05 11:02:58 -05:00
Isaac Connor 7779edb485 Fix saving multiple monitors at once by moving the relevant code to includes/actions/monitors.php 2019-03-05 11:02:37 -05:00
Isaac Connor 8053f61a08 fix eslint missing {} 2019-03-05 11:02:09 -05:00
Isaac Connor 76ee31bf68 fix eslint missing {} 2019-03-05 11:01:58 -05:00
Isaac Connor 49a1954f96 fix typo and remove deprecated DefaultView 2019-03-05 11:01:39 -05:00
Isaac Connor 8b29c5f54c Fix typo: Ineterval to Interval 2019-03-05 10:58:23 -05:00
Isaac Connor f446e73ff7 Typo: AnalysisUpdateDelete to AnalysisUpdateDelay 2019-03-05 10:55:27 -05:00
Isaac Connor 778707c8df Merge branch 'master' into storageareas 2019-03-04 14:33:28 -05:00
Isaac Connor 7cee8356bd Fix setting frame width when changing from fixed width to scaled 2019-03-04 13:43:03 -05:00
Isaac Connor 96e29c0299 fix up remaining issues with cycle updates 2019-03-04 13:35:40 -05:00
Isaac Connor e9a6eee2bb Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas 2019-03-01 17:47:50 -05:00
Isaac Connor 190142b24c Merge branch 'master' into storageareas 2019-03-01 17:47:07 -05:00
Isaac Connor ff8c5c5db8 remove debug 2019-03-01 17:28:00 -05:00
Isaac Connor 78513e22fd When doing an OPTIONS just do CORS and exit. if xmlHttpRequest don't do a redirect login. Do a failed auth header and quit 2019-03-01 17:27:08 -05:00
Isaac Connor 7703661cb1 Don't use streaming port in UrlToIndex because xmlHttpRequest won't send cookies to a different port 2019-03-01 17:25:17 -05:00
Isaac Connor 520bd4e7a7 Add ZM namespace to Logger 2019-03-01 14:42:05 -05:00
Isaac Connor 05bc57e245 Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas 2019-03-01 14:27:30 -05:00
Isaac Connor 466c379e94 Merge branch 'master' into storageareas 2019-03-01 14:03:49 -05:00
Isaac Connor 675b4975b0 Fix control presets 2019-03-01 13:37:34 -05:00
Isaac Connor 2d75ab50af Implement deleting from Logs based on line count instead of interval 2019-02-28 16:12:34 -05:00
Isaac Connor 20fe502ca4 Add ZM to ErrorHandler. Spacing and quotes 2019-02-27 12:02:40 -05:00
Isaac Connor 2db030265b Merge branch 'master' into storageareas 2019-02-27 11:08:04 -05:00
Isaac Connor a1f1c19c0f fix missing ZM namepsace 2019-02-27 11:07:52 -05:00
Isaac Connor af9c87a112 Merge branch 'master' into storageareas 2019-02-27 10:53:19 -05:00
Isaac Connor 6e4444099b Only populate session with user info on successful login. Use parameters in sql when loading users in getAuthUser. Fixes #2542 2019-02-27 09:57:50 -05:00
Isaac Connor 804c384b4c add Event Notification support to server 2019-02-27 09:29:11 -05:00
Isaac Connor a7ca75758b add Event Notification label 2019-02-27 09:29:00 -05:00
Isaac Connor c0ae7820bb add zmeventnotification to Server object 2019-02-27 09:28:36 -05:00
Isaac Connor 4c35f2910c fix ZM namespace 2019-02-26 18:09:18 -05:00
Isaac Connor df3e11d83c Fix authentication in api because we no longer store the user object in the session 2019-02-26 17:01:45 -05:00
Isaac Connor 95567e07a4 Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas 2019-02-26 11:43:07 -05:00
Isaac Connor a00e2381b7 Merge branch 'master' into storageareas 2019-02-26 11:33:29 -05:00
Isaac Connor 92dc7878de
Fix 2340 (#2368)
* include includes/functions.php so that we have access to all it's contents

* add a beforeDelete function which deletes the files.  Add other needed functions like Path() LinkPath() etc.

* add require_once for Storage and functions because we use them in Event

* Now that ZM has namespaces use the ZM Event class to do the heavy lifting of delete

* Don't need functions in AppController anymore
2019-02-26 11:28:56 -05:00
Isaac Connor 5da51d51bc Merge branch 'master' into storageareas 2019-02-26 10:55:51 -05:00
Isaac Connor 53c0fae688 Merge fix from storageareas for archive/delete in events list 2019-02-26 10:22:58 -05:00
Isaac Connor 627e9f74cf fix spacing 2019-02-25 15:24:25 -05:00
Isaac Connor 2187dea2aa add namespace to Warnings 2019-02-25 15:11:08 -05:00
Isaac Connor cbd8ee80f8 add namespace for Monitor 2019-02-24 12:40:40 -05:00
Isaac Connor 3b06f3015a redirect to console of successfullogin takes us to login 2019-02-24 10:07:42 -05:00
Isaac Connor dd590aa729 remove warning when QUERY_STRING is not set 2019-02-24 10:05:45 -05:00
Isaac Connor 46c6735311 Missing namespace on filter. Fixes #2541 2019-02-24 10:02:49 -05:00
Isaac Connor fd310c0f0a Merge branch 'master' into storageareas 2019-02-22 11:33:47 -05:00
Isaac Connor 45778384a6 Merge branch 'release-1.32' 2019-02-22 11:24:23 -05:00
Isaac Connor 9a2dd06e1d Fix use of empty which isn't supported in old php. Remove the code entirely as I think it was just cutnpasted from somewhere else. We don't care if it is a new server or not in the validate code.
Fixes #2540
2019-02-22 11:22:44 -05:00
Isaac Connor 5098329d94
remove ob_clean stuff which logs errors when output buffering is turned off (#2395)
* remove ob_clean stuff which logs errors when output buffering is turned off.

* Don't ob_clean because if buffering is off php will output an error
2019-02-22 09:58:16 -05:00
Isaac Connor 2b90bf15a6
Improve session (#2487)
* Introduce ZM_COOKIE_LIFETIME which sets the life of the SESSION cookie, instead of using what is in php.ini

* Use zm specific session functions, which are now located in includes/session.php.  Be more agressive about clearing session on logout.

* Move session code to includes/session.php

* remove duplicate line

* Move is_session_open to session.php.  Move code to clear a session into session.php

* improve debug line when there is a problem updating config entry

* split description into description and help text for COOKIE_LIFETIME

* Remove redirect on line.  We do it in javascript on postlogin view so that we can say logging in before switching to console

* If there is a username in the session, then we are logged in, but we need to load the user object from the db.  We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request.

* Use session_regenerate_id instead of our broken code to do the same

* Move auth code to includes/auth.php

* add autocomplete tags to username and password inputs

* Don't redirect to login if we are already viewing login.  Put auth before including skin includes

* need to include session.php in auth.php

* update to php namespace
2019-02-22 09:43:38 -05:00
Isaac Connor 0a7667f2d0
Use buttons instead of divs and inputs (#2522) 2019-02-22 09:23:06 -05:00
Isaac Connor 410cb70ddb
get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again. (#2534) 2019-02-22 09:20:54 -05:00
Isaac Connor 8dd8888975
Php namespace (#2537)
* experiment with namespaces on the Server class

* experiment with namespaces on the Server class

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects

* Implement the ZM namespace on objects
2019-02-22 09:19:07 -05:00
Isaac Connor e087522203 remove debug 2019-02-21 14:15:10 -05:00
Isaac Connor d93924bd89 increase width of controls popup. 2019-02-20 15:39:26 -05:00
Isaac Connor 8837015239 remove bogus test for Filter Id 2019-02-19 13:54:25 -05:00
Isaac Connor 6d1541a4d2 Merge branch 'fix_privacy_view' into storageareas 2019-02-19 12:57:01 -05:00
Isaac Connor 97a888c0db get rid of js that just does the form submit. Upgrade the button from an input to a button. Use 0 and 1 instead of accept and decline, which allows us to pre-select the current value of ZM_TELEMETRY_DATA. So that if you had previously declined, you won't accidentally accept. This fixes the reported error that choosing decline would cause the setting to not be saved and the privacy popup to happen again. 2019-02-19 12:54:12 -05:00
Isaac Connor fbdb5bcb62 Merge branch 'master' into storageareas 2019-02-19 12:06:32 -05:00
Isaac Connor eaa7341935 Add missing / in path to auth.php 2019-02-19 10:07:36 -05:00
Isaac Connor 87988185e5 remove data-on-click-this from markEids[] because we have an onclick bind in initPage 2019-02-19 09:58:03 -05:00
Isaac Connor 5029d7214a Merge branch 'master' into storageareas 2019-02-18 17:00:45 -05:00
Isaac Connor 4cd3a93e96 add missing / 2019-02-18 16:30:03 -05:00
Mitch Capper b646284da3 don't quote dbEscape values it will quote it already (#2529) 2019-02-17 11:31:28 -05:00
Mitch Capper 04c17283ec need to prefix with _dir_ otherwise relative to initial script (#2531) 2019-02-17 11:31:10 -05:00
Isaac Connor b7a6aed1cd Merge branch 'master' into storageareas 2019-02-16 11:51:23 -05:00
Isaac Connor 34873d5636 We must leave ZM_HOME_CONTENT unescaped so that we can insert actual html like image tags 2019-02-16 11:50:09 -05:00
Isaac Connor 6156aa2af9 Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas 2019-02-15 10:49:06 -05:00
Isaac Connor b25770a2f0 Merge branch 'master' into storageareas 2019-02-13 11:52:31 -05:00
Isaac Connor d0745da11c fix path to Control.php 2019-02-13 11:52:16 -05:00
Isaac Connor a41e8a8834 Merge branch 'master' into storageareas 2019-02-13 11:38:38 -05:00
Isaac Connor 400d4dc27e encode the label on the preset so that weird characters and quotes don't break the button 2019-02-13 11:24:09 -05:00
Isaac Connor dd641793a2 Merge branch 'improve_session' into storageareas 2019-02-13 11:17:30 -05:00
Isaac Connor 91a280e56e need to include session.php in auth.php 2019-02-13 11:17:15 -05:00
Isaac Connor 3d6efe2253 Merge branch 'storageareas' of github.com:/ConnorTechnology/ZoneMinder into storageareas 2019-02-13 11:10:07 -05:00
Isaac Connor d1b3b23c09 Merge branch 'master' into storageareas 2019-02-13 09:42:03 -05:00
Isaac Connor b6a0e704d2 whitespace, remove xhtml cruft 2019-02-12 16:41:08 -05:00
Isaac Connor 7a8668ea99 whitespace 2019-02-12 16:40:48 -05:00
Isaac Connor 9a0f3801de fix + instead of . 2019-02-12 16:25:31 -05:00
Isaac Connor 2f301cf5fe Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-02-12 13:18:08 -05:00
Isaac Connor 5b9bb93703 fix navbar auth 2019-02-12 13:17:55 -05:00
Andrew Bauer 28f5ac4220
Merge pull request #2518 from connortechnology/reload_zmfilter_on_filter_save
rough in a control function in Filter object.  Use it to start/stop z…
2019-02-12 09:26:17 -06:00
timwsuqld f95e9c0363 Fix comment about hiding navbar (#2521)
Fixes #2520
2019-02-11 17:14:33 -05:00
Isaac Connor 5ce681b463 instantiate a false Frame object with id = objectect 2019-02-11 16:37:22 -05:00
Isaac Connor 5a924ab176 cleanup redundant code and spacing 2019-02-11 16:29:19 -05:00
Isaac Connor 3871c28089 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-02-11 14:15:35 -05:00
Isaac Connor 40e0019267 fix all the nav missing when a users Monitors Permission is None 2019-02-11 14:15:24 -05:00
Isaac Connor a3374aa26c Merge branch 'reload_zmfilter_on_filter_save' into storageareas 2019-02-11 13:26:53 -05:00
Isaac Connor 5695be9f32 rough in a control function in Filter object. Use it to start/stop zmfilter processes when filters are deleted or Saved. 2019-02-11 13:21:00 -05:00
Pliable Pixels 5a333e153c show object detected file, if object detection in place (#2514) 2019-02-11 10:58:34 -05:00
Matt N 9675367e03 event.js: Wait for delete request to succeed before navigating. Fixes #2384 (#2515) 2019-02-11 09:34:51 -05:00
Matthew Noorenberghe cdbd59f054 bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493 2019-02-10 13:22:08 -08:00
Matthew Noorenberghe cda4a28fec Fix accidental use of 'let' in 255806bd54 2019-02-10 11:14:55 -08:00
Isaac Connor 555cb4780d Merge branch 'master' into storageareas 2019-02-10 12:37:45 -05:00
Isaac Connor c9032d3cb4 add autocomplete tags to username and password inputs 2019-02-10 00:27:33 -08:00
Matthew Noorenberghe c8e41bfee7 log.php: Ensure 'line' is an integer. Helps with #2466 2019-02-10 00:10:39 -08:00
Matthew Noorenberghe a6ee79f428 Fix typo in dbc1c7b72f comment 2019-02-09 22:40:39 -08:00
Matthew Noorenberghe dbc1c7b72f Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469 2019-02-09 22:39:54 -08:00
Matthew Noorenberghe a97711de89 Replace or sanitize remaining uses of PHP_SELF. Fixes #2446 2019-02-09 22:12:36 -08:00
Matthew Noorenberghe 99f1e23c5b Replace usage of PHP_SELF in views/. Fixes #2450 2019-02-09 21:39:19 -08:00
Matthew Noorenberghe effd609ff7 Escape output of state names. Fixes #2475 2019-02-09 20:40:08 -08:00
Matthew Noorenberghe d7ede4643d _monitor_filters.php: Escape MonitorName and Source. Fixes #2457 2019-02-09 19:14:31 -08:00
Matthew Noorenberghe c9d597dced logger.php: Don't output Panic messages unless debugging is on. Fixes #2460 2019-02-09 18:51:30 -08:00
Matthew Noorenberghe 255806bd54 log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453 2019-02-09 18:43:55 -08:00
Matthew Noorenberghe 6af2c4ad0e Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468 2019-02-09 18:06:21 -08:00
Matthew Noorenberghe 9ce05a9a09 user.php: Escape the Username upon display. Fixes #2467 2019-02-09 17:45:52 -08:00
Matthew Noorenberghe 6d2f3c265f events.php: Remove inline event handlers and enforce CSP 2019-02-09 17:34:59 -08:00
Matthew Noorenberghe fcbc22b6a2 functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456 2019-02-09 17:27:47 -08:00
Matthew Noorenberghe 502f53fad0 functions.php: Fix SQLi in getFormChanges 2019-02-09 17:15:02 -08:00
Matthew Noorenberghe ef0e5f453a monitor.php: Fix XSS from LinkedMonitors. Fixes #2463 2019-02-09 17:11:53 -08:00
Matthew Noorenberghe 9705edfe24 monitor.php: Escape monitor method. Fixes #2464 2019-02-09 17:01:45 -08:00
Matthew Noorenberghe cef54feaf9 monitor.php: Escape a bug of output variables. Fixes #2465 2019-02-09 16:54:06 -08:00
Matthew Noorenberghe 254b7286b4 monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451 2019-02-09 16:41:54 -08:00
Matthew Noorenberghe bb75dad091 filter.php: Escape filter query term value to avoid XSS. Fixes #2462 2019-02-09 15:35:55 -08:00
Matthew Noorenberghe dd37808ef7 filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461 2019-02-09 15:24:13 -08:00
Matthew Noorenberghe 70e59ed546 filter.php: Escape the filter name on output. Fixes #2455 2019-02-09 15:19:15 -08:00
Matthew Noorenberghe b2a97ee190 frame.php: Fix multiple XSS from 'show' and 'scale' parameters and enforce CSP.
Fixes #2448, fixes #2449, and fixes #2447.
2019-02-09 15:10:45 -08:00
Matthew Noorenberghe c8066919ff functions.php: Esacepe textContent in htmlOptions() 2019-02-09 14:14:46 -08:00
Matthew Noorenberghe 7b0ee8a6a2 group: Escape group name in heading. Fixes #2454 2019-02-09 14:05:50 -08:00
Matthew Noorenberghe fa6716a64b console: Escape source column output to prevent XSS. Fixes #2452 2019-02-09 02:28:40 -08:00
Matthew Noorenberghe 98e0a0d2c5 Don't output Fatal(...) error messages unless debugging is on to avoid leaking info. Fixes #2459 2019-02-09 02:18:57 -08:00
Matthew Noorenberghe 02f09aad7f view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443 2019-02-09 02:01:26 -08:00
Matthew Noorenberghe 61f6a92cc0 view=download: Validate the eid parameter to avoid XSS. Fixes #2442 2019-02-09 01:37:32 -08:00
Matthew Noorenberghe 0b38e72f88 view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441 2019-02-09 01:16:32 -08:00
Matthew Noorenberghe e36ac1b872 Add a polyfill for NodeList.prototype.forEach 2019-02-08 21:54:23 -08:00
Pliable Pixels 2dc935b488 added object detection frame rendering (#2505) 2019-02-08 13:49:00 -05:00
Isaac Connor 0eb1efff8b fix eslint errors 2019-02-08 13:48:38 -05:00
Isaac Connor ee3a0c1fd1 fix validateForm running on monitor cancel due to lack of type=button on cancel button 2019-02-08 09:55:32 -05:00
Isaac Connor ca781523a8 Merge branch 'master' into storageareas 2019-02-07 08:57:50 -05:00
Isaac Connor 1039149866 fix buttons on events page. data-onclick-this to data-on-click-this 2019-02-07 08:56:48 -05:00
Isaac Connor d33e094526 Merge branch 'master' into storageareas 2019-02-06 17:03:41 -05:00
Isaac Connor 7e84a5914c fix CSP policy violations on filters view 2019-02-06 13:55:19 -05:00
Isaac Connor 0783802d0c fix CSP violations on events 2019-02-06 13:31:34 -05:00
Isaac Connor b04b67c39d Fix CSP violation in the onclick of the monitor view in montagereview 2019-02-06 12:17:10 -05:00
Isaac Connor 6744a9a116 Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works. 2019-02-06 11:46:55 -05:00
Isaac Connor edaf582eb4 Make montagereview more robust when the storage area of an event has been deleted. Add the onmouse events using javascript instead of in the html canvas element so that our CSP policy works. 2019-02-06 11:46:48 -05:00
Isaac Connor 8e62c93f5f add to_json function to Storage. 2019-02-06 11:44:36 -05:00
Isaac Connor a9f0463223 Merge branch 'master' into storageareas 2019-02-05 16:46:47 -05:00
Isaac Connor dca9a81cfd implement data-on-click-true 2019-02-05 16:45:05 -05:00
Isaac Connor d121ecab75 Merge branch 'improve_session' into storageareas 2019-02-05 15:48:42 -05:00
Isaac Connor 141f2afc8c Merge branch 'master' into storageareas 2019-02-05 15:46:58 -05:00
Isaac Connor 21702dcc68 Merge branch 'master' into improve_session 2019-02-05 12:35:29 -05:00
Isaac Connor a40cd144fa Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-02-05 12:35:15 -05:00
Isaac Connor c54fe7e89a fix state actions 2019-02-05 12:35:06 -05:00
Isaac Connor d08a6fcc7c Don't redirect to login if we are already viewing login. Put auth before including skin includes 2019-02-05 12:32:24 -05:00
Isaac Connor 78bc2c1dc2 add autocomplete tags to username and password inputs 2019-02-05 11:53:57 -05:00
Isaac Connor b6b4a21dbe Move auth code to includes/auth.php 2019-02-05 11:45:58 -05:00
Isaac Connor cb0d9325e6 Use session_regenerate_id instead of our broken code to do the same 2019-02-05 11:45:09 -05:00
Isaac Connor 2466d765bf If there is a username in the session, then we are logged in, but we need to load the user object from the db. We can't just trust it from the session. The user may have been deleted and having that data in the session can be a security risk. So load the user object on every request. 2019-02-05 11:44:45 -05:00
Isaac Connor 5a9083fe86 Remove redirect on line. We do it in javascript on postlogin view so that we can say logging in before switching to console 2019-02-05 11:40:58 -05:00
Isaac Connor a2e04c307d update buttons. reduce duplicated code. Make it so that users with System=View can at least see if there is an update. 2019-01-31 09:40:19 -05:00
Isaac Connor 86b7fe5d29 fix spacing 2019-01-30 16:08:41 -05:00
Isaac Connor 4bacd26c98 log redirections 2019-01-30 16:08:24 -05:00
Isaac Connor 97e3a8178a use session_regenerate_id instead of other strange code 2019-01-30 16:08:09 -05:00
Isaac Connor b09a71d0e2 code style 2019-01-30 16:06:16 -05:00
Isaac Connor 71f961d012 remove redirect to console on login, as it is done in javascript after Logging in message is displayed 2019-01-30 16:05:51 -05:00
Isaac Connor 4e10e6f0ae Merge branch 'improve_session' into storageareas 2019-01-30 15:26:37 -05:00
Isaac Connor 9a3aa49bae Merge branch 'fix_bandwidth' into storageareas 2019-01-30 15:18:16 -05:00
Isaac Connor 533d021dea Merge branch 'master' into storageareas 2019-01-30 15:17:27 -05:00
Isaac Connor 604dbf8776 fix state changing/etc 2019-01-30 14:36:46 -05:00
Isaac Connor 2e2404643f Fix bandwidth due to new actions code. Update buttons on bandwidth popup 2019-01-30 13:20:24 -05:00
Isaac Connor cc0b5e0f1f Move is_session_open to session.php. Move code to clear a session into session.php 2019-01-30 12:52:01 -05:00
Isaac Connor 0eba430932 remove duplicate line 2019-01-30 11:05:43 -05:00
Isaac Connor 4e9ce3c5b7 Move session code to includes/session.php 2019-01-30 11:05:36 -05:00
Isaac Connor 85bb70df68 Use zm specific session functions, which are now located in includes/session.php. Be more agressive about clearing session on logout. 2019-01-30 11:05:19 -05:00
Isaac Connor 7ea8be3fa8 spacing, remove non html5 elements 2019-01-25 09:22:08 -05:00
Matt N 8c5687ca30 Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479) 2019-01-25 08:35:07 -05:00
Matt N fd6179d7c8 Enforce CSP on many more views (#2480) 2019-01-25 08:34:29 -05:00
Matthew Noorenberghe a3e8fd4fd5 Fix zones.php self-xss. Fixes #2444 2019-01-24 23:40:41 -08:00
Matthew Noorenberghe 47d8c9b066 plugin.php: Remove undefined onclick function reference and enforce CSP
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Matthew Noorenberghe 59cc65411f plugin.php: Fix XSS and directory traversal bugs. Fixes #2436
This view seems like dead code so maybe it should be removed instead.
2019-01-23 19:41:38 -08:00
Isaac Connor e53678f869 Can't use a normal subsitution on the Order by field. So parse the sort param instead 2019-01-23 12:22:00 -05:00
Isaac Connor 6eb4d7ae27
Filter improvements (#2438)
* Put back code to close the popup when view is none

* clean up and reduce depth of some logic

* Increase width of user popup

* fix code style

* Make execute_filter work on a filter Id instead of name

* rework logic to reduce code depth. Change view to events to display the results of execute.

* Change the redirect to stay on the new view.  When redirecting from executing a filter, it was redirecting to filter.

* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
montagdude 4da95369f9 Fix zone area calculation (#2437)
Previous method resulted in bogus zone areas (in the range of
1000s of % of frame area) when entering points with the keyboard, even
after applying commit 4937a68650. This
change implements the method here:

http://mathworld.wolfram.com/PolygonArea.html

It has been tested on ZoneMinder 1.32.3 and works correctly when
either entering coordinates with the keyboard or dragging points with
the mouse.
2019-01-23 10:35:18 -05:00
Isaac Connor 7026ebafac Make ajax/stream wait longer for zms. On pi can take up to 3 seconds. Also for php < 5.6, we need to fake 64bit unpack support 2019-01-22 16:45:38 -05:00
Isaac Connor cc8de69eba Merge branch 'master' into storageareas 2019-01-22 11:44:42 -05:00
Isaac Connor 2914fb1d58 Update to html5, remove code to close popup (as it is taken care of in skin.js now. Use cache_bust on skin.js 2019-01-22 09:15:25 -05:00
Isaac Connor e712cedbde spacing and quotes 2019-01-22 09:14:44 -05:00
Isaac Connor ae703c45ee Set closePopup=true so that we don't need code in the none view to close the popup. The common code in skin.js will take care of it. 2019-01-22 09:14:33 -05:00
Matt N 0619a4a161 Validate cnj, obr, and cbr arguments in parseFilter (#2434) 2019-01-22 08:03:25 -05:00
Matt N e7e45b2d95 Remove jQuery use from top-level event listeners in skin.js since view=none doesn't have $j (#2433) 2019-01-22 08:00:39 -05:00
Isaac Connor 7260f823cb Merge branch 'master' into storageareas 2019-01-21 13:52:38 -05:00
Isaac Connor 785c208ecf Fixes #2426. Ca should have been endTime 2019-01-21 12:01:46 -05:00