Commit Graph

432 Commits

Author SHA1 Message Date
Matthew Noorenberghe c8066919ff functions.php: Escape textContent in htmlOptions() 2019-02-09 14:14:46 -08:00
Matthew Noorenberghe 02f09aad7f view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443 2019-02-09 02:01:26 -08:00
Matthew Noorenberghe 0b38e72f88 view=download: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2441 2019-02-09 01:16:32 -08:00
Isaac Connor 533d021dea Merge branch 'master' into storageareas 2019-01-30 15:17:27 -05:00
Matt N 8c5687ca30 Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479) 2019-01-25 08:35:07 -05:00
Matt N fd6179d7c8 Enforce CSP on many more views (#2480) 2019-01-25 08:34:29 -05:00
Matthew Noorenberghe 47d8c9b066 plugin.php: Remove undefined onclick function reference and enforce CSP
Also fix tag closing.
2019-01-23 19:47:58 -08:00
Isaac Connor 6eb4d7ae27 Filter improvements (#2438)
* Put back code to close the popup when view is none

* clean up and reduce depth of some logic

* Increase width of user popup

* fix code style

* Make execute_filter work on a filter Id instead of name

* rework logic to reduce code depth. Change view to events to display the results of execute.

* Change the redirect to stay on the new view.  When redirecting from executing a filter, it was redirecting to filter.

* Set a form action for correctness. Change execute button to a button instead of a submit. Stay on the filter view when executing
2019-01-23 11:30:51 -05:00
Isaac Connor cc8de69eba Merge branch 'master' into storageareas 2019-01-22 11:44:42 -05:00
Matt N 0619a4a161 Validate cnj, obr, and cbr arguments in parseFilter (#2434) 2019-01-22 08:03:25 -05:00
Isaac Connor 7260f823cb Merge branch 'master' into storageareas 2019-01-21 13:52:38 -05:00
Isaac Connor a2d4dc974b Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-01-21 11:19:07 -05:00
Isaac Connor fbc236128e add a function to format a time into a duration. Can't use date() because 0 doesn't give us 00:00:00 it gives 19:00:00 2019-01-21 11:16:14 -05:00
Matt N d7ebc85d81 Replace remaining `console` inline event handlers (#2432)
* Use a hidden submit button in _monitor_filters rather than onkeydown

* events/console: Convert checkbox header toggle inline event listeners
2019-01-21 11:11:40 -05:00
Matt N 35fb4366b6 Fix recaptcha support with the CSP (#2420) 2019-01-19 09:47:04 -05:00
Matt N 4e48939660 Add a validateForm event listener and enforce CSP on some views (#2425)
* Add a validateForm event listener and enforce CSP on the controlcap view

* filter.php: Use .validateFormOnSubmit

* server.php: Use .validateFormOnSubmit and fix makePopupButton condition check

* Use .validateFormOnSubmit and enforce CSP on the storage view
2019-01-19 09:41:53 -05:00
Isaac Connor 552e14a971 Merge branch 'master' into storageareas 2019-01-18 10:36:59 -05:00
Matt N 6bb5aa1b87 More inline JS / nonce conversions (#2415)
* monitor.php: Add nonce and move <script> inside </body>

* export_functions.php: Untested: Add @nonce to <script>

* blank.php: Add @nonce to <script> and add to CSP enforced views

* Enforce CSP on login and privacy views

* group.php: Add nonce and move <script> inside </body>

* filter.php: Add @nonce to <script>

* Fix updateButtons argument on the filter page upon change and page load

* events.php: Add @nonce to <script>
2019-01-18 09:51:06 -05:00
Isaac Connor f49dd93b6a Merge branch 'master' into storageareas 2019-01-16 14:39:56 -05:00
Isaac Connor 1f3da476b8 switch to single quotes 2019-01-16 14:04:24 -05:00
Isaac Connor d8ef33396a If multi-port is on, we need to output CORS headers 2019-01-16 13:44:57 -05:00
Isaac Connor ba21820fd0 fix typo 2019-01-16 12:10:34 -05:00
Matt N d33fec9c3f Add a CSP script-src policy with nonce-source and convert more inline event handlers (#2413)
* Add Content-Security-Policy-Report-Only: script-src 'self' 'nonce-' policy

* Use @data-on-click-this to attach inline click event handlers which expect being called with 'this'

Only handle ones that don't return a value.

* Use @data-on-click to attach inline click event handlers with no args and no return value

* Use @data-on-click-true to attach inline click event handlers with 'true' as the only argument

* Enforce a script-src CSP on views without inline JS

* Convert some onchange attributes to data-on-change
2019-01-16 09:59:58 -05:00
Andrew Bauer 07d8ac1d49 implement timezone check function (#2387)
* implement timezone check function

* remove comment

* also check if the timezone is valid

* whitespace
2019-01-15 09:05:11 -05:00
Matt N 083f284599 Replace onclick inline event handlers for createPopup (#2410)
* Move <script> before </body>

* Change makePopupLink to not use onclick

* Change makePopupButton to not use onclick

* Use .popup-link in control_functions.php

* Use makePopupButton in controlcaps.php

* Prevent double-encoding in makePopup*

* Use makePopupButton in devices.php

* Use makePopupButton in logout.php

* Use makePopupLink in monitor.php

* Use makePopupLink and .popup-link in montage.php

* Use makePopupButton in options.php

* Use makePopupButton, makePopupLink, and .popup-link in zones.php
2019-01-15 09:01:58 -05:00
Isaac Connor 52466c398b Merge branch 'split_actions' into storageareas 2019-01-04 15:28:55 -05:00
Isaac Connor dbe9817bc8 Split actions.php into individual files per view 2019-01-04 09:26:34 -05:00
Isaac Connor 5060358870 Merge branch 'master' into storageareas 2018-12-29 09:56:53 -05:00
Andrew Bauer d14e9ecf74 force overloadframes and ExtendAlarmFrames to int (#2373) 2018-12-29 09:53:31 -05:00
Isaac Connor 1a1231fdaa Merge branch 'master' into storageareas 2018-12-28 10:47:27 -05:00
Andrew Bauer fb37fc48e1 update viewImagePatch (#2370) 2018-12-28 10:38:39 -05:00
Isaac Connor eba8b3327d Merge branch 'master' into cleanup_auth 2018-12-11 16:04:42 -05:00
Isaac Connor 4625f7c879 Merge branch 'master' into storageareas 2018-11-28 10:46:49 -05:00
Isaac Connor 17c1933913 remove an extra l 2018-11-26 16:20:15 -05:00
Isaac Connor dea5db9dd9 Merge branch 'zmaudit_check_other_storageareas' into storageareas 2018-11-23 11:11:39 -05:00
Isaac Connor 415d43fafb Include Server Name when testing for CORS. Also be case insensitive. 2018-11-15 12:23:52 -05:00
Isaac Connor 461ce3c1f8 Merge branch 'master' into storageareas 2018-10-29 12:52:06 -04:00
Isaac Connor 6691b5fb52 Include CORS headers when there is a Server defined, instead of requiring there to be more than 1 2018-10-29 12:50:50 -04:00
Isaac Connor 95a6d0666a Improve behaviour and reduce extra logging when db goes away 2018-10-29 09:59:26 -04:00
Isaac Connor 91d83a89fa include semaphore function replacements 2018-10-25 15:40:12 -04:00
Isaac Connor 2881d2af3f Merge branch 'master' into storageareas 2018-10-10 14:13:27 -04:00
Isaac Connor 6ed146b4dd Use Hostname instead of Url in test for CORS access. 2018-10-10 14:01:36 -04:00
Isaac Connor e268264761 Merge branch 'cleanup_auth' into storageareas 2018-10-09 10:24:32 -04:00
Isaac Connor 918d5fd469 move utility functions for doing get/post requests into functions.php from actions.php 2018-10-09 09:39:04 -04:00
Isaac Connor fa55cec12c fix error when scale is auto 2018-09-14 16:57:28 -04:00
Isaac Connor 77edb8f74b Add test for auto scale and don't rescale. Use find_one when loading StorageArea so as to use caching 2018-09-14 16:19:29 -04:00
Isaac Connor 34c7ee32ee Merge branch 'master' into storageareas 2018-09-14 15:13:57 -04:00
Isaac Connor f1442eba90 once we have found a match for our origin, break out of loop 2018-09-14 14:56:26 -04:00
Isaac Connor d9b1d3ec11 fix CORS Headers when we are coming from a non-standard port. Use a regexp instead of == so that we match regardless of port 2018-09-14 14:52:33 -04:00
Isaac Connor 683789eb41 Merge branch 'master' into storageareas 2018-08-03 10:27:48 -04:00
Isaac Connor b72d520e02 implement the ability to pass a disabled option to htmlSelect. Use it to disable the h264 passthrough option for non-ffmpeg monitors. Instead of disappearing it. 2018-08-03 10:02:42 -04:00
Isaac Connor c934295bf9 we shall always pass width & height as pixels without units. 2018-07-31 16:55:13 -04:00
Isaac Connor 05615c5cf4 We should not use a hard path in cache bust 2018-07-11 15:48:01 -04:00
Isaac Connor cf4a1c73fd Always use /zm in cache_bust 2018-07-04 14:46:22 -04:00
Isaac Connor d271d8bf1d Fix my botched change to generateAuthHash 2018-06-25 14:50:54 -04:00
Isaac Connor 99a97543f1 Rework generateAuthHash to take a force parameter so that it can be used to generate auth hashes for zmu 2018-06-25 13:43:08 -04:00
Isaac Connor af3ce3660f Only unlink if file exists, removing warning. Always return a Storage object in Monitor->Storage() fixes Monitor Delete. 2018-05-24 09:54:45 -04:00
Isaac Connor 348468a98d Merge branch 'storageareas' of github.com:ConnorTechnology/ZoneMinder into storageareas 2018-04-26 22:09:48 -04:00
Andrew Bauer 86b2f6a12e New Monitor Type - Website (#2065)
* implement website monitor

* don't check certain fields when using website monitor

* continue to fix javascript errors for website monitors

* check $monitor, not $new_monitor here

* add website monitor documentation

was somehow left out of the initial commit

* fix corruption of functions.php

* add missing comma

* remove errors by testing for existence of key.  If it's a new monitor, then none of the keys will be valid

* If the monitor type is WebSite, then default Status to Running.

* put back start function that got lost in merge.  Don't start StreamCmd's if it's a WebSite

* Add missing comma

* Hide unrelated tabs when type is WebSite. Put back input fields for Type=WebSite

* Don't show control or any of the status fields for WebSite type monitors

* add some parentheses to ensure order of operations, seems to fix fps and status fields not being shown for regular monitors
2018-04-26 17:18:36 -04:00
Isaac Connor 00e82fb751 Implement MonitoServerId,StorageServerId,FilterServerID in Filters 2018-04-25 13:05:19 -07:00
Isaac Connor dfae6661ab use isset when determining if a column exists, otherwise we throw warnings 2018-04-25 09:32:40 -04:00
Isaac Connor fac3cde1e7 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2018-04-20 15:23:23 -04:00
Isaac Connor 3ea39ad417 whitespace 2018-04-20 15:22:45 -04:00
Andrew Bauer 3c225c9f1c Migrate Webcache out of webroot (#2083)
* migrate webcache folder out of webroot, migrate htaccess files

* rpm specfile - add missing reference to cache folder

* fix submodule mixup
2018-04-19 15:01:46 -04:00
Isaac Connor e3afa5e309 handle scale not being defined when using mpeg streaming 2018-04-18 11:28:19 -04:00
Isaac Connor ef70ff86e9 cleanup zmaControl 2018-04-17 11:36:14 -04:00
Isaac Connor 53ce8c008a move auth functions into its own file 2018-04-06 14:36:23 -04:00
Isaac Connor 793f630ee0 Merge branch 'storageareas' of github.com:connortechnology/ZoneMinder into storageareas 2018-04-02 10:43:07 -07:00
Isaac Connor df3a5b7d58 must reopen the session before destroying it 2018-03-29 19:19:08 -04:00
Isaac Connor 3fe5bb6fe2 open and close the session around user login 2018-03-29 11:30:20 -04:00
Isaac Connor 27736fb5d9 Merge ../ZoneMinder.master into storageareas 2018-03-15 11:04:41 -04:00
Andrew Bauer 0df59c26b8 fix typo
Fix unable to enable camera
2018-03-10 19:48:53 -06:00
Andrew Bauer ed4dac761a Merge pull request #2049 from ZoneMinder/fix_2044
Fix 2044
2018-03-03 12:49:57 -06:00
Isaac Connor 3fc7ebee6c Merge ../ZoneMinder.master into storageareas 2018-03-03 09:32:23 -08:00
Isaac Connor 735e36c2a8 split htmlSelect into htmlOptions 2018-02-26 17:08:30 -08:00
Isaac Connor 464b588f08 add a case for toggle, which are booleans and default them to false 2018-02-26 07:29:49 -08:00
Isaac Connor 505e726636 turn off debug 2018-02-14 13:51:49 -05:00
Isaac Connor a09bf3b097 slightly improve auth debugging 2018-02-14 11:58:00 -05:00
Isaac Connor 93996402d9 turn off debug 2018-02-02 13:24:07 -05:00
Isaac Connor 018523134e use ZM_BASE_PROTOCOL when loading plugins. https can't load http content 2018-01-31 14:35:23 -05:00
Isaac Connor 2ea2f46ec8 braes 2018-01-25 09:13:31 -08:00
Isaac Connor a271f1776d Fix #80 don't escape NULL value when building SQL 2018-01-24 10:35:22 -05:00
Isaac Connor 9f89ccfa32 revert issue with AUTH_HASH_LOGINS 2018-01-24 07:46:56 -05:00
Isaac 06c9266c62 use snapshot.jpg more 2018-01-22 03:27:01 +01:00
Isaac Connor 0f3cf33565 Move unparse_url from add_monitors to functions to make it generally available 2018-01-19 08:16:52 -08:00
Isaac Connor 4b37c6fc42 Change the Group dropdown to a single indented dropdown, and use chosen on it 2018-01-12 11:25:15 -08:00
Isaac 3c55557c77 Handle to val in a filter term 2018-01-11 22:53:53 +01:00
Isaac Connor 5792021ee3 Merge branch 'storageareas' into fugro 2018-01-10 15:08:28 -05:00
Isaac Connor 74269fea73 make montagereview load event images from the server that the storage is located on 2017-12-22 12:33:30 -08:00
Isaac Connor 148e21d707 fugro 2017-12-21 21:46:21 -05:00
Isaac Connor 5f4b2ca53f don't close the session when logging in 2017-12-18 14:35:11 -05:00
Isaac Connor d312482a2b add StorageScheme to Storage and Events. Deprecate ZM_USE_DEEP_STORAGE 2017-12-18 12:52:26 -05:00
digital-gnome c0fcfe6eb6 Combine possible sort inputs to one in sortQuery, output limitQuery 2017-12-15 08:47:08 -05:00
Isaac Connor e364641d7b on initial page hit, the cookie might not be set. Use global instead. 2017-12-13 11:21:50 -05:00
Isaac Connor bd73e7c2e2 Merge branch 'robots' into storageareas 2017-12-07 10:31:25 -05:00
digital-gnome f8d3c07586 Add h264 event view functionality and new feature alarmCues (#2012)
* Fix nearEventsQuery

Removed dbEscape from getNearEvents previous event because it only returns 0.  Now matches next.  Changed getEventDefaultVideoPath function to return a web path rather than the absolute path based on ic0ns branch.  Also added start times to allow for videoJS replaymode.

* Unescape filters

Filters need to be unescaped

* Add initial values to page load

* Add replay modes to videojs

* rough in figuring out a frame in between bulk frames

* Add alarmCues

Add a graphical indication of where alarm frames happened in an event.  Similar to what zmNinja shows.

* Add remaining buttons to videojs

Functionality for all buttons on videojs streams.  FF/RW buttons show as active when they are active.

* Whitespace and fix Bulkframe calcs

* Fix zms events trying to generate with mp4 code

ZMS events would attempt to generate frames as though they were an mp4/passthrough type because the full eventpath wasn't passed

* ZMS scrub bar

Move zms scrub bar to bottom of image feed.  Make it simpler and more like videojs style.

* Wrap event feeds properly

* Fix dvrControls on watch view

* Add scaleToFit

Add a scaleToFit option to event view

* Add navigation for videoJS streams

Disables nav buttons at beginning and end of events.  Handles switching from zms to videojs.  If zms crashes changes next event function to reload page instead of ajax.

* Add scaleToFit to watch and frame view

Adds scaleToFit to watch view.  Since frame view uses the watch cookie this required changes to frame view

* Add transition to zoom

* Change stills view to match stream

Move stills slider bar to match scrub bar on streams.  Allow it to resize, make it larger.  Add alarmcues.

* Add Stills for every event

Add stills for every event.  Match size to stream size

* Progressbox transitions
2017-12-04 21:26:59 -05:00
Isaac Connor 6270408c8f rework group MonitorIds and add GroupId filters to api 2017-12-04 15:52:16 -05:00
Isaac Connor b565125df9 montage layout improvements 2017-11-22 12:33:34 -05:00
Isaac Connor cd1d2e1721 lots more debugging. re-add status update command on failure 2017-11-22 01:18:07 -05:00
Isaac Connor 489d3ba6ed Merge ../ZoneMinder.master into storageareas 2017-11-21 12:23:17 -05:00