Commit Graph

12390 Commits

Author SHA1 Message Date
Isaac Connor 400d4dc27e encode the label on the preset so that weird characters and quotes don't break the button 2019-02-13 11:24:09 -05:00
Steve Gilvarry 924d5235d0 Validate zmu Username and Password lengths (#2484)
* Validate zmu Username and Password lengths
Ensure user provided values are not larger than allowed and error if
they are, therefore further preventing overflow.

* Check username and password functions for zmu and zms

* Check username and password functions for zmu and zms
2019-02-13 10:40:43 -05:00
Chris NeJame f7b31c89ef Fixes #2375 (#2376)
* updated docs to include instructions on how to find the loaded PHP config file

* Added note about verifying timezone change

* revert docs back to master branch's content

* added installation guide for Ubuntu 18.04

The only difference between Ubuntu 16.04 and 18.04 is the version of
PHP that comes installed, which changes the location of its config file

* reverting debian instructions to master
2019-02-12 17:56:40 -05:00
Isaac Connor b6a0e704d2 whitespace, remove xhtml cruft 2019-02-12 16:41:08 -05:00
Isaac Connor 7a8668ea99 whitespace 2019-02-12 16:40:48 -05:00
Isaac Connor 0bfaf87d27 Mostly code style and whitespacing. However, I do setup more values in the output frame when doing audio resampling 2019-02-12 16:40:27 -05:00
Isaac Connor 9a0f3801de fix + instead of . 2019-02-12 16:25:31 -05:00
Isaac Connor 3177764db4 spacing 2019-02-12 14:20:33 -05:00
Isaac Connor 2f301cf5fe Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-02-12 13:18:08 -05:00
Isaac Connor 5b9bb93703 fix navbar auth 2019-02-12 13:17:55 -05:00
Andrew Bauer 28f5ac4220
Merge pull request #2518 from connortechnology/reload_zmfilter_on_filter_save
rough in a control function in Filter object.  Use it to start/stop z…
2019-02-12 09:26:17 -06:00
timwsuqld f95e9c0363 Fix comment about hiding navbar (#2521)
Fixes #2520
2019-02-11 17:14:33 -05:00
Isaac Connor 5ce681b463 instantiate a false Frame object with id = objectect 2019-02-11 16:37:22 -05:00
Isaac Connor ed6b22ac06 spacing 2019-02-11 16:29:36 -05:00
Isaac Connor 5a924ab176 cleanup redundant code and spacing 2019-02-11 16:29:19 -05:00
Isaac Connor 3871c28089 Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-02-11 14:15:35 -05:00
Isaac Connor 40e0019267 fix all the nav missing when a users Monitors Permission is None 2019-02-11 14:15:24 -05:00
Isaac Connor 5695be9f32 rough in a control function in Filter object. Use it to start/stop zmfilter processes when filters are deleted or Saved. 2019-02-11 13:21:00 -05:00
Pliable Pixels 5a333e153c show object detected file, if object detection in place (#2514) 2019-02-11 10:58:34 -05:00
Isaac Connor cd0d753cce Merge branch 'master' of github.com:ZoneMinder/ZoneMinder 2019-02-11 09:55:50 -05:00
Isaac Connor e79d7ec736 change let to var 2019-02-11 09:55:45 -05:00
Matt N 9675367e03 event.js: Wait for delete request to succeed before navigating. Fixes #2384 (#2515) 2019-02-11 09:34:51 -05:00
Matthew Noorenberghe cdbd59f054 bandwidth.php: Submit to the 'bandwidth' view but render the 'none' view. Fixes #2493 2019-02-10 13:22:08 -08:00
Matthew Noorenberghe ef1112801f Request browser name and version for web issues (part 2) 2019-02-10 12:38:18 -08:00
Matthew Noorenberghe 28a8af34d5 Request browser name and version for web issues 2019-02-10 12:22:44 -08:00
Matthew Noorenberghe cda4a28fec Fix accidental use of 'let' in 255806bd54 2019-02-10 11:14:55 -08:00
Steve Gilvarry 2975225918 Cleanup old files (#2509)
* Remove Doc-Pak folder
Duplicates and out of date

* Delete umutils dir, looks like some old build script.

* Remove NEWS file as it is not being used.

* Remove TODO

* Remove description-pak, hanging around since NextTime days

* Delete ChangeLog file leaving CHANGELOG.MD as main file, which needs updating..

* Remove INSTALL file as it was not up to date, happy to consider an update instead.

* Remove Authors, not really adding much value and pretty sure the history is documented elsewhere.

* Deleted BUGS. Should be covered in the readme, let me know if you want me to add a link..
2019-02-10 13:09:40 -05:00
Steve Gilvarry 87413d447d Set CSRF on as the default for new installs. Fixes #2507 (#2508)
* Set CSRF on as the default for new installs. Not sure we can impact config on existing installations.

* Fix the spelling mistake that I noticed after editing this.
2019-02-10 13:08:58 -05:00
Isaac Connor c9032d3cb4 add autocomplete tags to username and password inputs 2019-02-10 00:27:33 -08:00
Matthew Noorenberghe c8e41bfee7 log.php: Ensure 'line' is an integer. Helps with #2466 2019-02-10 00:10:39 -08:00
Matthew Noorenberghe a6ee79f428 Fix typo in dbc1c7b72f comment 2019-02-09 22:40:39 -08:00
Matthew Noorenberghe dbc1c7b72f Only output the CSRF Try Again button (and add a warning) when ZM_LOG_DEBUG is on. Fixes #2469 2019-02-09 22:39:54 -08:00
Matthew Noorenberghe a97711de89 Replace or sanitize remaining uses of PHP_SELF. Fixes #2446 2019-02-09 22:12:36 -08:00
Matthew Noorenberghe 99f1e23c5b Replace usage of PHP_SELF in views/. Fixes #2450 2019-02-09 21:39:19 -08:00
Matthew Noorenberghe effd609ff7 Escape output of state names. Fixes #2475 2019-02-09 20:40:08 -08:00
Matthew Noorenberghe d7ede4643d _monitor_filters.php: Escape MonitorName and Source. Fixes #2457 2019-02-09 19:14:31 -08:00
Matthew Noorenberghe c9d597dced logger.php: Don't output Panic messages unless debugging is on. Fixes #2460 2019-02-09 18:51:30 -08:00
Matthew Noorenberghe 255806bd54 log.js: Escape HTML to be shown in the log HtmlTable. Fixes #2453 2019-02-09 18:43:55 -08:00
Matthew Noorenberghe 6af2c4ad0e Escape output of WEB_TITLE, HOME_URL, HOME_CONTENT, & WEB_CONSOLE_BANNER. Fixes #2468 2019-02-09 18:06:21 -08:00
Matthew Noorenberghe 9ce05a9a09 user.php: Escape the Username upon display. Fixes #2467 2019-02-09 17:45:52 -08:00
Matthew Noorenberghe 6d2f3c265f events.php: Remove inline event handlers and enforce CSP 2019-02-09 17:34:59 -08:00
Matthew Noorenberghe fcbc22b6a2 functions.php: Ensure 'limit' request parameter is an integer. Fixes #2456 2019-02-09 17:27:47 -08:00
Matthew Noorenberghe 502f53fad0 functions.php: Fix SQLi in getFormChanges 2019-02-09 17:15:02 -08:00
Matthew Noorenberghe ef0e5f453a monitor.php: Fix XSS from LinkedMonitors. Fixes #2463 2019-02-09 17:11:53 -08:00
Matthew Noorenberghe 9705edfe24 monitor.php: Escape monitor method. Fixes #2464 2019-02-09 17:01:45 -08:00
Matthew Noorenberghe cef54feaf9 monitor.php: Escape a bug of output variables. Fixes #2465 2019-02-09 16:54:06 -08:00
Matthew Noorenberghe 254b7286b4 monitor.php: Escape SignalCheckColour to prevent XSS. Fixes #2451 2019-02-09 16:41:54 -08:00
Matthew Noorenberghe bb75dad091 filter.php: Escape filter query term value to avoid XSS. Fixes #2462 2019-02-09 15:35:55 -08:00
Matthew Noorenberghe dd37808ef7 filter.php: Escape AutoExecuteCmd before output to prevent XSS. Fixes #2461 2019-02-09 15:24:13 -08:00
Matthew Noorenberghe 70e59ed546 filter.php: Escape the filter name on output. Fixes #2455 2019-02-09 15:19:15 -08:00